MetaDefender NDR Menu Items

You can access MetaDefender NDR by using the MetaDefender NDR main menu items available on the left pane of the GUI. An overview of these menu items is given in the following table. Detailed instructions on using them are discussed in further sections in this guide.

Left Navigational Menu	Menu Name	Brief Description
	Dashboard	Default screen of the InQuest user interface that appears when you sign in, displaying the real-time statistics and analysis of potential network security threats and events, thus enabling you to constantly monitor your environment. You can get an overview of current connectivity status of your managed hosts, files and file types being transferred through the top protocols via your network, and the latest threat origins and events at a single glance.
	Analysis	Contains analytic tools as separate tabs enabling you to: View specific attributes associated with TCP sessions. Search and locate specific sessions and gauge high risks Download original content for additional incident handling and/or forensic purposes. Retrograde threat assignment on historical traffic based on the latest threat information. Upload raw traffic captures for processing.
	Reporting	Enables you to schedule or run various reports to view data in the system. This includes various session data, threat data, and signature data. The reports can be run on demand or scheduled to run daily, weekly, or monthly at a configured time.
	Filtration	Enables you to filter huge number of files, file types, hosts, MD5s, and hashes (that are considered safe) from being scanned, for general performance tuning and system resource preservation.
	Policy	Enables you to add and manage product policies, customized/user-defined signatures, known C2-IP and DNS records, and blacklist suspicious hashes by assigning a threat score.
	Administration	Enables you to configure managed system settings globally, manage integrations and collector properties, install your organization SSL certificate and the corresponding key to the InQuest manager, apply published product updates across systems manually, and add new workflow status types for your sessions and events as required.
	Authentication	Enables you to manage users and user groups by granting specific product access permissions to them. Remote authentication is also available through multiple external integrations for users with Active Directory (including AD+SSL), LDAP (including LDAPS), RADIUS, and TACACS+.
	Knowledge Base	Enables you to view all published signatures and their details.
	Support	Provides you the software version and licensing information, Support contact details, links to download the product documentation, and an interface for exporting product logs to the InQuest Technical Support team. You can also: Execute product update command globally to update all managed systems with the latest Codepacks, Feedpacks, and Sigpacks. Execute shutdown/reboot commands on required or all managed systems. View system logs, End-User License Agreement, and sites and licenses for the open-source software libraries.

Note: In case of any additional permissions granted by the administrators, you will find the corresponding additional menu items with access to the new features on the GUI. In the event an administrator modifies the group permissions while you are logged in to MetaDefender NDR, the new permissions will be assigned only after you log out and log back in to MetaDefender NDR. For information on additional menu items and detailed instructions on using them, refer the MetaDefender NDR Administrator Guide.

Last updated on

Was this page helpful?