Introduction
Welcome to Field Effect.
As a Core client, you can deploy Field Effect MDR in your environment by completing the phases outlined in this playbook, which include:
- Phase 1: Create Accounts and Invite Users
- Phase 2: Complete Your Organization’s Monitoring Profile
- Phase 3: Set up Active Response
- Phase 4: Set Up Cloud Monitoring
- Phase 5: Install Endpoint Agents
To begin the process, we will reach out via email to introduce you to the service and help you complete your deployment.
Phase 1: Create Accounts and Invite Users
Field Effect MDR is managed through the MDR Portal, which requires an account. From here, you can configure the service and its features.
After creating your MDR Portal account, invite members from your organization to create their own accounts. We recommend inviting your technical team members first, so they can help set up and adjust Field Effect MDR for your organization.
Phase 2: Complete Your Organization’s Monitoring Profile
Now that your team can access the MDR Portal, it's time to complete your organization’s monitoring profile.
This is found on the Service Profile page, and it contains information that helps us better understand, contextualize, and characterize the activity being monitored.
This profile stores your organization’s web domains, email domains, public IPs, and (geographical) staff locations.
Some features, such as the DNS Firewall, require that the monitoring profile be filled out, which is why we recommend setting it up as soon as you have access to the portal.
Phase 3: Configure Active Response
Google Workspace and Microsoft 365 support Active Response, so it’s important to configure it before enrolling these services for cloud monitoring.
Active Response lets you define how aggressively Field Effect MDR, and our security analysts, respond to threats. This is defined through your response policy, which should align with your organization’s tolerance for risk and downtime.
There are four response policy levels available (Off, Limited, Balanced, and Aggressive), and we apply the Limited policy to new organizations by default.
Each response policy can be modified with custom exclusions (example: "never isolate host X"), and we encourage you to tailor your response policy to suit your organization's risk tolerance, especially while deploying the service.
Phase 4: Set Up Cloud Monitoring
For this phase, you will enroll your organization’s supported cloud services for cloud monitoring. Our Help Center has setup guides for the cloud services we support.
Additionally, Google Workspace and Microsoft 365 support Active Response. So, it’s important to set up Active Response prior to setting up these cloud services, as you will be given a chance to enable Active Response when enrolling these cloud services.
Phase 5: Install Endpoint Agents
The final phase for a Core deployment is to install the endpoint agent across all your organization’s supported devices.
Every device in your organization should have an endpoint agent installed, as it is required for several Field Effect features to function.
Endpoint agents are accessible via the MDR Portal's Downloads page and available for Windows, macOS, and Linux (Debian/Ubuntu and RedHat).