3.1.1 System Requirements

• Ability to create user accounts of different roles and privileges (may include, but may not be limited to, school administrators, system admin, civil rights investigators).
• Ability to delegate limited access to admins for a specific subset of devices.
• Ability for school administrators and system admins to authenticate using Azure AD, SAML 2.0, or Open Authentication.
• Ability to generate statistical reports with customizable reporting fields (may include, but may not be limited to, number of incidents reported statewide, types of incidents reported per school or complex, amount of time to resolution).
• Ability to export reports into a range of formats including, but not limited to, portable document format (PDF), comma-separated values (CSV), and Excel.
• Ability to generate daily or monthly reports in formats including, but not limited to, portable document format (PDF), comma-separated values (CSV), and Excel.
• Ability to dynamically organize assets based on attributes, which may include, but may not be limited to, IP Address, Device Name.
• Ability to generate an asset inventory for the endpoints that are enrolled into the system.
• Ability to generate data-driven dashboards that provide high-level insight into threat landscape, endpoint distribution and endpoint health for the organization.
• Ability to sort and organize data based on device attribute values.
• Ability to create custom software installation packages.
• Ability to access a 24x7 support portal to open incidents.
• Ability to access a status page to outline system news, which may include, but may not be limited to, outages, downtime.
• Ability to customize automatic incident alerts that admins receive.
• Ability to create and manage multiple tenants for endpoints.
• Ability to create a collection of reusable AI-generated queries.
• Ability to transfer data from CONTRACTOR’s EDR system to other platforms through the use of natively available connectors, or third-party connectors (i.e. Google GCP).
• Ability to install directly onto endpoints that run operating systems that include, but are not limited to, all Windows desktop and server OS, MacOS, and Linux.
• An administration console that is accessible through web browsers that include, but are not limited to, Mozilla Firefox, Google Chrome, Microsoft Edge, and Safari.
• Minimal performance impact, which may include, but may not be limited to, memory footprint, disk space requirements, and system utilization.

3.1.2 System Features

• Ability to quarantine malicious files.
• Ability for one-click remediation and rollback natively on the device.
• Ability to identify and mitigate malicious behavior.
• Ability to create custom dashboards that reflect endpoint data and threat statistics.
• Ability to have virus/malware definitions automatically updated.
• Ability to automatically or manually update AV software for specific groups of endpoints.
• Ability to create a user-defined blocklist for programs and files based on hash values.
• Ability to create an application inventory from the EDR telemetry.
• Ability to identify risky applications that are installed on devices.
• Ability to identify suspicious activity on endpoints.
• Ability to funnel data and logs for systems into a native Data Lake.
• Ability to integrate with enterprise-level third-party security information and event management (SIEM) platforms.
• Ability for users to create custom queries to pull specific sets of data.
• Ability to network isolate endpoints.
• Ability to group devices based on dynamic attributes such as IP address.
• Ability for investigation management directly within the management console.
• Ability to prevent unauthorized uninstallation of AV software from endpoints.
• Ability for AV to provide detailed device information which includes, but is not limited to, serial number, operating system, MAC address, local IP, domain, workgroup.
• Ability to configure custom system alerts when malicious or suspicious activity occurs.
• Ability to support the functionality of the following for endpoints: Firewall Control, Device Control and Remote Shell.
• Ability to export console data in various formats.
• Ability to identify threats based on a number of threat engines that include, but are not limited to, Static AI, Behavioral AI, Application Control, Cloud Threat.
• Ability to create automations to streamline tasks.
• Ability to remotely take action upon AV software (agent) which includes, but is not limited to, disable, enable, update, restart services, fetch logs, or approve uninstall.
• Ability to send written custom messages to specific endpoint(s).
• Ability to initiate a manual or remote custom scan of endpoints.
• Ability to provide active monitoring and scanning of all read and write actions that occur on endpoints.
• Ability for end users to alert system administrator if uninstallation of software is necessary.
• Ability to set a timeout period of inactivity which will purge endpoint from console and free license for re-distribution.
• Ability for endpoint that was purged from console due to inactivity to automatically re-enroll after checking into the console.
• Ability to tag endpoints for organizational purposes, and utilize those groupings to create reports, or push configurations.
• Ability to identify and provide active endpoint protection against malware and greyware, which includes, but may not be limited to, Malware, Infostealers, Cryptominer, Potentially Unwanted Programs (PUPs), Ransomware.
• Ability to identify and provide metrics on MacOS that require full disk access to be configured in order to allow software to fully function.
• Ability to utilize AI to assist with threat detections and query building.
• Ability to utilize AI to generate queries for data that is collected within the solution's console.
• Ability to produce a chain-of-events (storyline) for security incidents that occur.
• Ability to natively discover devices on the network that do not have EDR through agents already installed on other devices.
• Ability to seamlessly update or upgrade all agents without the use of any additional tools.
• Ability to check file reads and writes that occur on devices in real time.
• Ability to download files from endpoints directly within the administrative console.
• Ability to remotely open a secure session on devices from the administrative console.
• Ability to support agent installations on legacy or end-of-life devices.
• Ability to whitelist benign hash values for files.