Updating databases

To detect threats quickly and keep the protection level of a client device up to date, you have to regularly update databases and application modules on the device.

You can update databases on a device in one of the following ways:

You can also configure the response action to run automatically when creating or editing a playbook.

To update databases on a device, you must have one of the following XDR roles: Main administrator, Tenant administrator, Junior analyst, Tier 1 analyst, Tier 2 analyst.

It might take up to 15 minutes to launch a response action due to the synchronization interval between the managed device and the Administration Server.

To update databases on a device:

  1. In the main menu, go to the Monitoring & reporting section, and then select the Alerts or Incidents section.

    If you want to update databases from an investigation graph, select the Incidents section.

  2. Click the ID of the required alert or incident.
  3. In the window that opens, do one of the following:
    • If you want to respond through the alert or incident details, go to the Assets tab, and then select the check box next to the device on which databases are to be updated.

      You can select several devices, if necessary.

    • If you want to respond through the device details, go to the Assets tab, click the name of the required device, and then in the drop-down list, select View properties.
    • If you want to respond through an investigation graph, click the View on graph button. In the investigation graph that opens, click the device name to open the device details.
  4. In the Select response actions drop-down list, select Update databases.

    If the operation is completed successfully, an appropriate message is displayed on the screen. Otherwise, an error message is displayed.
