Explanation of Boolean logic in device definitions
Last Modified: 2022-09-06 17:40:24 Etc/GMT
Technical Articles ID: KB82966

Environment
Data Loss Prevention (DLP) Endpoint - all supported versions
For supported environments, see KB68147 - Supported platforms for Data Loss Prevention Endpoint.

Problem
When you combine elements such as Bus Type, Device Class, or Device USB Class, a device definition might not match the devices wanted.

Solution
When you write device definitions, remember that device definitions use Boolean logic when combining elements.
For example, suppose that an administrator wants to combine several elements to look for USB modems, Portable Devices, or Mass Storage devices. The following device definition is unlikely to match the devices wanted because of how the elements combine. The element types shown in the first column are bound by AND. The values reading horizontally within one element type are bound by OR. A USB modem does not normally have a Mass Storage characteristic, so the definition as a whole does not match it. A Portable Device is more likely to have a Mass Storage characteristic, so it is more likely to match the device definition.
Example:
To make sure that device definitions match the device wanted, you must create a separate device definition for each distinct hardware type. In the following example, there are two device definitions, each describing a separate device. A USB modem is detected in Definition 1 and a Portable Device is detected in Definition 2.
Example:
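The following is an added example, not Trellix code, that models the matching rule described above: element types are ANDed, values listed under one element type are ORed. It goes slightly beyond the article by letting a device report several values for one element type (a composite USB device can expose more than one USB class) and by reporting which element type caused a definition to fail. The device property values are constructed for illustration.

```python
"""Model of how DLP Endpoint device definitions combine elements (added
example, not Trellix code). Element types are ANDed; values under one
element type are ORed. Device property values below are constructed."""

# Constructed device records: element type -> set of values the device reports.
USB_MODEM = {
    "Bus Type": {"USB"},
    "Device Class": {"Modems"},
    "Device USB Class": {"Communications"},  # no Mass Storage interface
}
PORTABLE_DEVICE = {
    "Bus Type": {"USB"},
    "Device Class": {"Portable Devices"},
    "Device USB Class": {"Mass Storage"},
}


def unmatched_elements(definition, device):
    """Element types of `definition` that the device fails to satisfy.
    Any one listed value satisfies an element type (OR); the definition
    matches only when every element type is satisfied (AND)."""
    return [
        element for element, accepted in definition.items()
        if not accepted & device.get(element, set())
    ]


def matches(definition, device):
    return not unmatched_elements(definition, device)


# One definition mixing all three element types, as in the article's first example.
COMBINED = {
    "Bus Type": {"USB"},
    "Device Class": {"Modems", "Portable Devices"},
    "Device USB Class": {"Mass Storage"},
}
# One definition per hardware type, as in the article's second example.
DEFINITION_1 = {"Bus Type": {"USB"}, "Device Class": {"Modems"}}
DEFINITION_2 = {"Bus Type": {"USB"}, "Device Class": {"Portable Devices"},
                "Device USB Class": {"Mass Storage"}}


def matching_definitions(definitions, device):
    """Names of the definitions a device satisfies."""
    return [name for name, d in definitions.items() if matches(d, device)]


if __name__ == "__main__":
    rules = {"Definition 1": DEFINITION_1, "Definition 2": DEFINITION_2}
    print(unmatched_elements(COMBINED, USB_MODEM))       # ['Device USB Class']
    print(matching_definitions(rules, USB_MODEM))        # ['Definition 1']
    print(matching_definitions(rules, PORTABLE_DEVICE))  # ['Definition 2']
```

Running it shows the combined definition failing the USB modem on Device USB Class, while the split definitions each pick up exactly one hardware type.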