As part of our comprehensive and integrated Endpoint Protection Platform, these solutions bring together device intelligence across your enterprise network. They support your incident response teams' efforts to investigate and respond to advanced threats.


EDR and XDR availability and their capabilities differ depending on your license. For more information, refer to Features distribution.

Working with incidents

The Incidents section helps you filter, investigate and take action on all security events detected by the Incidents Sensor over a specific time interval.


Only GravityZone users with management rights on the entire company have access to this section.

This section contains the following pages:

  • Incidents: view and investigate incidents.

  • Blocklist: manage blocked files from incidents.

  • Search: query the security events database.

  • Custom detection rules: create custom rules for detections.

  • Custom exclusion rules: create custom rules for exclusions.


Availability and functioning of these features may differ depending on the license included in your current plan.