Configuring contexts

  • All Emergency and Alert agent logs automatically generate contexts. In addition, some protections systematically generate contexts during an attack. This is especially the case for process hollowing, execution flow hijacking and heap spraying, among others. Some protection rules are also configured by default to generate contexts when actions are blocked, or even during suspected attacks that are not severe enough to be blocked. For further information, refer to the sections Managing vulnerability exploitation and Defining access control rules.
  • In the context details, the size, perimeter, type and frequency of reporting to the agent handler can be configured for each individual agent group. For further information, refer to the section Configuring context details generated by agents.