AIR Endpoints are passive agents and Console is battle-tested on networks with up to 30,000 endpoints.
If you are planning to install AIR on a bigger network, please contact [email protected]
AIR uses HTTP as its default protocol. You can enable SSL in the Settings > SSL section.
Once the Use SSL setting is enabled, both Console and Endpoints will start using HTTPS as their default protocol.
Absolutely! The level of forensic information AIR provides is the biggest differentiator that separates it from the rest of the crowd.
This makes AIR a perfect candidate for use side by side with an EDR/XDR product.
Here are some EDR/XDR use-case examples:
Yes. AIR can be triggered by your SIEM/SOAR product without human intervention.
This makes it a perfect match for responding to alerts you receive from these solutions.
Communication with SIEM products is bi-directional: AIR not only receives alerts/triggers from your SIEM but also reports the actions it performed back to it via the Syslog protocol.
You will see a notification on Console whenever a new version is released.
Clicking this notification will download the latest version for you to install manually.
There is no auto-update feature in AIR Console.
You don’t. Endpoints update themselves automatically.
Upon installation of a Console update, endpoints receive an update task in response to their first connection and automatically update themselves.