ContraForce Endpoint Page Overview

This article covers the basics of how to use the ContraForce Endpoint page.

The Endpoints Page is where you can get a sense of all the endpoints, devices such as laptops or desktops, sending data into your ContraForce portal. You can monitor the status of your devices, understand the automated investigations that are ran, as well as see how many alerts are being created within your environment. This page allows the user to make sure that they are setup for success and should be used often.

Endpoint Page

Feature Description
Endpoint Score Exposure Score is based on if an endpoint has potential vulnerabilities. These vulnerabilities could originate from risky or outdated software for example. If this score is low, that means your endpoints are at risk. Actions should be taken to make this score as high as possible. 
Alerts This is where the user can see alerts that are specific to endpoints. This is a much more endpoint focused view compared to similar information that is shown on the Command or Incidents pages. 
Active Alerts Active Alerts that currently have a status of open or alerts that are being investigated either by the user or the automatic investigations ran by the ContraForce portal.
Automated Investigations These are the investigations that the ContraForce portal runs automatically. The user can see the associated endpoint, the start and end date of the investigation, the id, and the status.
Total Endpoints This is a count of the total number of endpoints connected to the ContraForce portal. 
Endpoint Status Endpoints can have a status of active or inactive. If the status is active, the endpoint is actively connected to the ContraForce portal and it is sending data successfully. If the status is in-active that endpoint is not connected to the ContraForce portal. For example, when an endpoint is off boarded, it will show a status of inactive.
Exposed Endpoints This is a count of the endpoints that are deemed to have a high level of exposure. These exposed by the ContraForce portal. The exposure could originate from out of date software or operating system vulnerabilities.
Endpoint Risk This reflects the current exposure of this device based on the cumulative impact of its pending security recommendations.
Endpoint Inventory This is a list of all endpoints connected to your ContraForce portal. The user can see the name of the device, the device’s exposure level to threats, the OS platform it is running, the health state, and the last time the endpoint sent data to the portal.