TrainingSupportCommunity

Collect signals from ETP integration

​Akamai​ ​Enterprise Threat Protector​ (ETP) is a cloud-based security service that provides policy-based defense against phishing, malware, ransomware, DNS tunneling, and other threat events.

📘

To support this integration, you must have both Enterprise Application Access (EAA) and ​Enterprise Threat Protector​ on the same contract. If you don't, you won't see anything related to ​Enterprise Threat Protector​ in the EAA Device Posture console. The user device must also be running both the EAA and ETP clients.

When ​Enterprise Threat Protector​ is integrated with Enterprise Application Access, it informs Device Posture about devices that ETP has determined to be compromised due to the presence of suspected malware activity.

  1. In the EAA Management Portal navigation menu, select Reports > Device Posture.
    This redirects you to the Device Inventory tab on the Device Posture Reports page.

  2. From the Select Criteria drop-down list, select, Compromised Device - ETP from the criteria list.

  3. Select Yes as the criterion value.

  4. Click View Report.
    The report generates and displays all devices that experience a compromising event.

  5. Click a selected device in the Device Name column to display the Device Details report.

  6. In the Device Details report, click View Compromised Device Events to display the ​Enterprise Threat Protector​ events collected from the device.

  7. To ignore the detected threat events for Device Posture evaluation, click Ignore Threats in the Threats tab. This also clears the displayed threats.

📘

Ignoring threats lets you ignore detected threat events for Device Posture evaluation, but doesn't address the source of the threat on the device.

Next steps:
To include detection of ​Enterprise Threat Protector​ compromised devices in risk assessments and application ACLs, add the following rule to tiers and tags: Compromised Device - ETP > [Not Detected].

You can also detect devices with installed ETP Client. To do this, select the following criterion and value in your tiers and tags: ETP Client Status > Installed.

Updated about 1 year ago