XEDR architecture

To identify advanced attacks across multiple endpoints in hybrid infrastructures (workstations, servers, or containers running various operating systems), XEDR centralizes data from multiple sensors. The Security Analytics component correlates this data into network-wide incidents, giving you a broad view of the security events impacting your environment.

XEDR contains several major components:

  • The Incidents Sensor, which collects process data and reports endpoint and application behavior data.

  • The Network Sensor, which collects and processes data at the network level and sends it to the Security Analytics engine for correlation.

  • Security Analytics, a backend component that correlates metadata collected by the Incidents Sensor and the Network Sensor.