Managed Detection and Response (MDR) must be configured by a Global Administrator before the MDR team can begin to monitor your Nebula site activity in your OneView console. You must subscribe to the MDR service before you can configure the settings in OneView. For more information, see Subscribe to Add-ons in OneView.
MDR Contacts
When adding this service to a site, the MDR team must know which OneView users to contact when remediation steps are required for detections or suspicious activities. During emergency situations, you may be contacted by phone at any time of the day. Select OneView users and provide phone numbers for primary, backup, and alternate contacts that the MDR team can communicate with.
Note: The Save button is grayed out if the following requirements for selecting a contact or entering a phone number are not met.
- The selected OneView user must be a Global Administrator or Site Administrator who has verified their account.
- The selected OneView user must have two-factor authentication enabled in OneView.
- The phone number cannot include spaces or symbols, except for the + symbol that can be used before an international country code. Examples of valid phone numbers:
  - 1234567890
  - +447891234500
- The same phone number cannot be used more than once.
OneView notifications are created for all contacts selected on this page. For more information, see Set up Managed Detection and Response notifications in OneView.
When you delete a OneView user who is an MDR contact from the Settings > Users page, you are prompted to select a new MDR contact.
Global Data Protection Regulation
CAUTION - This setting cannot be changed later. Confirm the correct selection is made before clicking Save.
Global Data Protection Regulation (GDPR) is a regulation on data protection and privacy in the European Union (EU) and European Economic Area (EEA). If you have any endpoints protected by OneView located in the EU or EEA, select Yes. This selection controls where data for MDR is stored.
Remediation authorization
You can choose the level of remediation service provided by the MDR team when there is a threat or suspicious activity. Services range from fully managed to notifications only.
- Managed: The MDR team will remove threats to protect your environment. This does not include rebooting, re-imaging, or other onsite tasks.
- Notification only: The MDR team notifies you of detected threats and provides detailed instructions to perform remediation.
Isolation authorization
Select Yes, authorize to allow MDR analysts to perform isolation on endpoints protected by Endpoint Detection and Response. Once the devices are investigated and cleaned, isolation can be removed. Endpoints are automatically rebooted when isolation is removed.
Connect to MDR portal
Once MDR configuration is complete, click MDR Portal at the top of the page. This generates your MDR account and connects it with OneView. Once your accounts are connected, analysts can begin monitoring and sending notification alerts.