Working with the Policies page

NAVIGATION  Policies

SECURITY   Datto EDR subscription with administrator-level platform access or Datto AV subscription with administrator-level platform access

BEFORE YOU BEGIN  The type of subscription you have may define the features available to you on this page. For a comprehensive overview of features available to Datto EDR and Datto AV customers, refer to Datto EDR and Datto AV access control.

From the Policies page, you can create and customize the rules used by the analysis engine to detect threats in your environment. You can also manage your instance's ransomware, Datto AV, and Windows Defender policies and determine the actions that the platform takes when it identifies a suspected threat on an endpoint.

This article describes the page's layout and functions.

Overview

To access the Policies page, perform the following steps:

  1. In the top navigation menu, click Policies.

  2. The page will load, with the Policy List view selected by default.

  3. Select a page to continue.

Policy List

The Policy List page lets you enable, disable, and configure the settings for your global ransomware detection and Microsoft Defender Antivirus policies. To learn more about these features, refer to Understanding Datto EDR's ransomware detection, Protecting endpoints with Datto Antivirus (AV), and Leveraging Microsoft Defender Antivirus with Datto EDR.

Detection Rules

Detection rules run automatically against endpoint audit data as it is received by your instance. They help Datto EDR identify potential threats and determine how to address them. The rules we provide analyze your endpoints for processes and behaviors that match the top known Adversarial Tactics, Techniques & Common Knowledge (ATT&CK) techniques. When a rule is triggered, Datto EDR will generate an alert and follow the workflow you define.

You can selectively enable, disable, and customize rules to tailor your instance's threat analysis procedures to the needs of your environment. You'll find these management options on the Detection page.

Alert Suppression

From this page, you can view, manage, and publish suppression rules for specific types of alerts. To learn more about this feature, refer to Suppressing alerts.

Policy types

Managing policies

Once you've created a named policy, it will appear in the table on the Policy List page. From here, you can activate or deactivate your policies, set them as the default policies for newly created organizations, and delete them. Refer to the Policy List section of this article for more information.