A critical alert was generated on the ICDm but then disappeared the next day. Customer wants to know why this alert was generated and wants advice on remediation.
SESC agent is installed with all components functioning and enabled.
Workstation: Win 10 Enterprise laptop
New Compromised Device Found
Product: Opstate assessment service
Anyone seen this before?
I have found some reference to the "8061 - Entity change" event but can't figure out what this means and what to investigate on the machine?
EDR event detection types and descriptions