Is there an option to generate a TIE Threat Event for any unknown file but without any block or popup?
Actual TIE projects are showing an amount of unknown executables from 100.000 up to 250.000. This is a massive value and customers are often completely overstrained.
The goal should be:
We want to query VirusTotal for any unknown executable which was executed.
This works in Observation Mode when "Block at" is set to unknown.
However, how about blocking if the reputation level is at least "Might be Malicious" and monitoring any unknown executables?