Advanced Threat Protection

Hello,

I have a question about the Endpoint module of the ATP. We are thinking about deploying the ATP: Endpoint module, but we know that the Network module is present at the OVA file too. As we will install SEP Manager also, we won't need the other network functionalities. My question is: will we have the EDR functionality if only we enable the ATP VM as a management role? Or we need a port span interface for tap and enable the network module too?

Thank you.

If you need the ATP Endpoint (excludinf the ATP Network), you should choose "2:Management platform" at bootsrap fase.

If so, ATP Network module will not be installed.

When you install ATP, below options are available to chose from:

1) Managment Platform: By selecting this option, you will have Endopoint functionality means Managment platform will manage the SEP Endpoint and with all EDR capabilities as well as you can manage any Network Scanner with this applaince in future if you plan to deploy.

2) Network Scanner: Applaince acts as a network Scanner and integrates with the Network using TAP for passive scanning and else you have optin to deploy in-line. You must have another Managment applaince deployed to manage any Network Scanner.

3) All-in One: installs as Managment+Network applaince to provide bothe functionality as mentioned abobe in point 1 & 2

In short, to use EDR functuionality, you must deploy APT as MAMANGMENT PLATFORM. 

Hope it helps !!!

Please make sure to mark this as a solution to your problem, when possible.