Configure Verbose Mode

Applies To: WatchGuard Advanced EPDR This topic applies to the WatchGuard Advanced EPDR endpoint security product.

Verbose mode enables a small number of computers on the network to generate extended telemetry for a limited period of time. You can analyze this information to evaluate the WatchGuard Endpoint Security software components in use at the time of an Indicator of Attack (IOA) event.

You can use also the Verbose mode to evaluate the capabilities of security software in a test environment where you simulate attacks on IT infrastructure.

For more information about the normal and extended telemetry, go to Computer Telemetry on the Investigation Page.

Before you enable Verbose mode for a computer, make sure that:

• The Workstations and Servers settings profile is assigned to the computer. For more information about Workstations and Servers settings, go to Configure Workstations and Servers Security Settings.
• Audit mode is enabled for the computer. For more information about how to enable Audit mode, go to Configure Audit Mode.

Enable Verbose Mode

To enable the Verbose mode:

1. In WatchGuard Cloud, select Configure > Endpoints.
2. Select Computers.
3. From the left pane, select the My Organization tab.
4. Next to the computer you want to enable Verbose mode for, click .



5. Select Verbose Mode.
   The Enable Verbose mode dialog box opens.



6. From the Enter the Duration drop-down list, select the duration of Verbose mode.
   You can enable Verbose mode for a duration of 1 hour, 24 hours, 3 days, or 7 days.

7. Click Enable Verbose Mode.
   Verbose mode enables and the icon appears next to the computer in the list.

   

You can enable Verbose mode for a maximum of 20 computers simultaneously. You can enable Verbose mode for a computer for a maximum of seven days.

Disable Verbose Mode

To disable Verbose mode:

1. In WatchGuard Cloud, select Configure > Endpoints.
2. Select Computers.
3. From the left pane, select the My Organization tab.
4. Next to the computer you want to disable Verbose mode for, click .
5. Select Disable Verbose Mode.
   The Verbose mode disables and the icon disappears.

Create Verbose Mode Filter

On the Computers page, in the Filter tab, you can create a group to view the computers and devices that are in Verbose mode on your network.

To add a filter for the computers in Verbose mode:

1. In WatchGuard Cloud, select Configure > Endpoints.
2. Select Computers.
3. From the left pane, select Filters.
4. Next to the folder where you want to add a filter, click .

5. Select Add Filter.
   The Add Filter page opens.

6. In the Name text box, type a name for the filter.
   The name does not have to be unique.

7. From the Select a Category drop-down list, select Computer.

8. From the Select a Property drop-down list, select Verbose Mode.

9. From the Select an Operator drop-down list, select Is Equal To.

10. From the Select a Value drop-down list, select True.

11. Click Add.
    The new filter appears on the Filters tab.

Related Topics

Create a Computer Investigation

About the Advanced SQL Query Tool