08-06-2014 06:37 AM
What does "Acknowledge Yes / No" in the RAPIDS > Detail page of a classified device, such as a suspected rogue, actually do.
I am aware that acknowledging a device does not stop alerts from being generated for the device, but is it to do with acknowledging existing alerts for it (assuming that triggers have been configured to generate said alert) thereby reducing the active alert count?
08-06-2014 06:58 AM
"Displays whether or not the rogue device has been acknowledged. Devices can beacknowledged manually or you can configure RAPIDS so that manually classifying rogues will automatically acknowledges them. Additionally, devices can be acknowledged by using Modify Devices link at the top of the RAPIDS > List page. Rogues should beacknowledged when the AMP user has investigated them and determined that they are not a threat "
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
08-06-2014 07:06 AM
Thanks Victor, but what does the act of acknowledgement actually do? For example, I manually acknowledge a rogue: what does AMP do with that instruction from me?