Hi Team,
We are working on an NGIPS and APT requirement and need clarification on whether these features are supported in AMP for Endpoints:
- Is the product capable of automatically collecting and storing forensic data locally on the client for endpoint incidents?
- Does the product provide support for XFF to identify the end user behind proxy servers?
- Is the product capable of self-healing/recovery for its agents deployed on endpoints?
- Does the product have the ability to identify the end user behind an IP address by integrating with a user repository like AD, etc.?
- Is the product able to provide a customizable sandbox to fulfill the customer's environments and needs?
- What is the file size supported for sandbox analysis (on-premises and cloud-based)?
- How many simultaneous environments are supported in the sandbox (on-premises and cloud-based)?
- Providing a single sandbox instance per OS with co-existence of various application version instances installed on it.
- Does the product have inbuilt sandbox tools for static analysis (such as jsunpack, yara, etc.) of files/artifacts?
- Does the product have the necessary packet captures enabled in the sandbox environment?
- Is your solution capable of both hardware and virtual emulated sandbox?
Thanks & Regards,
Yogesh Madhekar