EDR / XDR

eXtended Detection and Response (XDR) is a cross-company event correlation component, capable of detecting advanced attacks across multiple endpoints in hybrid infrastructures (workstations, servers or containers, running various OS).

XDR gathers data using the Incident sensor. Deploy it on all your managed endpoints, to gather hardware and operating system data. Following a client-server framework, the metadata is collected and processed on both sides, and the Security Analytics component correlates the events into rich format incidents, ready for investigation in the Incidents page.

As part of our comprehensive and integrated Endpoint Protection Platform, these solutions bring together device intelligence across your enterprise network. They come in aid of your incident response teams' effort to investigate and respond to advanced threats.

Important

EDR and XDR availability and their capabilities differ depending on your license. For more information, refer to Features distribution.

Working with incidents

The Incidents section helps you filter, investigate and take actions on all security events detected by Incidents Sensor over a specific time interval.

Note

Only GravityZone users with management rights on the entire company have access to this section.

This section contains the following pages:

Incidents: view and investigate incidents.
Blocklist: manage blocked files from incidents.
Search: query the security events database.
Custom detection rules: create custom rules for detections
Custom exclusion rules: create custom rules for exclusions

Note

Availability and functioning of these features may differ depending on the license included in your current plan.

In this section:

EDR / XDR

Important

Working with incidents

Note

Note

Search results