
XDR architecture

To identify advanced attacks across multiple endpoints in hybrid infrastructures (workstations, servers, or containers running various operating systems), XDR centralizes data from multiple sensors. The Security Analytics component correlates this data into network-wide incidents, giving you a broad perspective of the security events impacting your environment.

XDR contains several major components:

  • The Incidents Sensor, which collects process data and reports endpoint and application behavior data.

  • The Network Sensor, which collects and processes data at network level and forwards it to the Security Analytics engine for correlation.

  • The Security Analytics engine, a backend component that correlates metadata collected by the Incidents, Network, Productivity, Identity, and Cloud workload sensors.