I was wondering, could the MAR threat workspace and the trace rules work without any connection to the cloud? If so, please explain to me how to do this... If not, is there any alternatives to on-premise organizations?
If you want to come closest, write Triggers against key threats and monitor any ATP containment event (at least from key parent processes) where daysbeforedetection=0.
Download the new ePolicy Orchestrator (ePO) Support Center Extension which simplifies ePO management and provides support resources directly in the console. Learn more about ePO Support Center
2821 Mission College Blvd.
Santa Clara, CA 95054 USA
Consumer Support | Enterprise Support | McAfee.com
Legal | Privacy | Copyright © 2019 McAfee, LLC