Datto EDR Integration

To support comprehensive endpoint protection across your managed environments, VSA 9 can be integrated with Datto EDR to quickly deploy its agent and monitor protection status from within VSA.

Benefits

  • One-button bulk deployment of Datto EDR clients.
  • Visibility of Datto EDR service and protection status of agents.
  • Monitoring to ensure endpoints remain protected by Datto EDR and technicians are informed of security events requiring device isolation.
  • Click-through access to the Datto EDR management platform.

Prerequisites

Limitations

  • As with Ransomware Detection, bulk agent deployments of the Datto EDR Agent are limited by pagination on the Operations > Machines page (maximum 100 machines at a time). For larger selections, it is necessary to initiate the installation for each page of machines. Column filters can be used to narrow selection to machines that are not already installed. A policy object will be added in the next release to enable automated deployment based on standard targeting criteria.
  • The Datto EDR Agent cannot be installed on machines which have a standalone Ransomware Detection client managed by VSA 9. The Ransomware Detection client must be uninstalled using the Operations > Machines > Ransomware Detection tab prior to installation of the Datto EDR Agent. Refer to Uninstall Ransomware Detection. Once the Datto EDR Agent is deployed, Ransomware Detection can be installed and managed using the Datto EDR management platform. Refer to Ransomware Detection.
  • Currently, VSA 9 can monitor the running status of the Datto EDR service (HUNTAgent) on machines where the Datto EDR Agent is deployed, and this functionality will later be extended to the Datto AV service (EndpointProtectionService).
  • When deploying the Datto EDR Agent from VSA 9, its organization and top-level machine group will be automatically matched to an organization and location in the Datto EDR management platform (new entities will be created if no name match exists). If the VSA 9 Agent is subsequently moved to a different organization or machine group, the change will not currently be automatically synced to Datto EDR.

How to...

NAVIGATION  Endpoint Protection > Configuration > EDR Integration

  1. In the EDR URL field, enter the full URL for your instance of Datto EDR.
  2. In the API Token field, paste the API token copied from your Datto EDR instance. To learn how to generate this token, refer to Generating Datto EDR API tokens in the Datto EDR Help system.
  3. Click Save.

Upon successful authentication, Datto EDR functionality will be activated in VSA 9.

NAVIGATION  Endpoint Protection > Operations > Machines > EDR

You may deploy the Datto EDR client to any VSA 9 Agent not already protected by a standalone Ransomware Detection client. To learn about Ransomware Detection in VSA 9, refer to Ransomware Detection.

  1. Optionally, select a machine group or view filter from the drop-down menus in the upper-left corner of the page.
  2. Select your target machines using the check boxes.
  3. In the lower-left corner of the page, click Install to initiate the Datto EDR client deployment on the selected machine(s).
  4. In the confirmation dialog box, click Install.

    While the installation is in progress, the EDR Installation Status column will display Pending. After one to five minutes, the status will change to Installed if installation is successful.

The EDR tab on the Machines page is updated every 15 minutes with the latest data from Datto EDR.

NAVIGATION  Endpoint Protection > Operations > Machines > EDR > Alert Configuration

Optionally, you can enable alarm or ticket creation when the Datto EDR Agent is not running or a device is isolated.

NAVIGATION  Endpoint Protection > Operations > Machines > EDR > EDR Portal

To navigate directly from VSA 9 to your Datto EDR portal, select a machine and click EDR Portal in the lower-left corner of the page to open its device details page in Datto EDR. From there, you can perform actions such as metrics collection and device isolation. Refer to Navigating the Device details page in the Datto EDR Help system.

NAVIGATION  Endpoint Protection > Operations > Dashboards > EDR

The EDR dashboard displays an aggregate view of deployments and protection status across the whole VSA 9 environment, including the number of agents protected, agents with isolation applied, isolation history, and alerts.

NAVIGATION  Endpoint Protection > Application > Logging

Important device configuration and status changes are audited, and the details can be reviewed on the Endpoint Protection Logging page.

Datto EDR status information will also be displayed on the Asset Summary page in Live Connect. Refer to Asset Summary page in Live Connect.