Collect signals from ETP integration

Akamai Enterprise Threat Protector (ETP) is a cloud-based security service that provides policy-based defense against phishing, malware, ransomware, DNS tunneling, and other threat events.
Note: To support this integration, you must have both EAA and ETP on the same contract. If you don't, you won't see anything related to ETP in the EAA Device Posture console. The end user device must also be running both the EAA and ETP clients.

When ETP is integrated with EAA, ETP will inform Device Posture about devices that ETP has determined to be compromised due to the presence of suspected malware activity.

How to

  1. In the EAA Management Portal, select Reports > Device Posture.
    The Device Posture Reports page appears.
  2. On the Inventory tab, select Compromised Device - ETP from the Select Criteria field. When prompted for the value, select Yes.
  3. Click View Report.
    The report generates and displays all devices that experienced a compromise event.
  4. Click a device in the Device Name column to display the Device Details report.
  5. In the Device Details report, click View Compromised Device Events to display the ETP events collected from the device.
  6. To ignore the detected threat events for Device Posture evaluation, click Ignore Threats in the Threats tab. This will also clear the displayed threats.
    Note: Ignoring threats does not address the source of the threat on the device. It gives the admin a way to exclude detected threat events from Device Posture evaluation.

Next steps

To include detection of ETP compromised devices in risk assessments and application ACLs, add the following rule to tiers and tags:

  • Compromised Device - ETP > [Not Detected]

You can also detect devices that have the ETP Client installed. To do this, select the following criterion and value in your tiers and tags:

  • ETP Client Status > Installed