
Incidents sensor

Endpoint Detection and Response (EDR) is an event correlation component, capable of identifying advanced threats or in-progress attacks.

eXtended Detection and Response (XDR) is a cross-company event correlation component, capable of detecting advanced attacks across multiple endpoints in hybrid infrastructures (workstations, servers, or containers running various operating systems).

As part of our comprehensive and integrated Endpoint Protection Platform, these solutions bring together device intelligence across your enterprise network. They support your incident response teams' efforts to investigate and respond to advanced threats.

For XDR to correlate events and generate organization-level incidents, you need to turn on the Incidents sensor.


The Incidents sensor continuously monitors endpoint activity such as running processes, network connections, registry changes, and user behavior. This metadata is collected, reported, and processed by machine learning algorithms and prevention technologies that detect suspicious activity on the system and generate Incidents.

For the complete documentation on Endpoint Detection and Response/eXtended Detection and Response, refer to EDR / XDR.


EDR and XDR availability and their capabilities differ depending on your license. For more information, refer to Features distribution.