Incidents sensor
Endpoint Detection and Response (EDR) is an event correlation component, capable of identifying advanced threats or in-progress attacks.
As part of our comprehensive and integrated Endpoint Protection Platform, this solution brings together device intelligence across your enterprise network. It comes in aid of your incident response teams' effort to investigate and respond to advanced threats.
For EDR to correlate endpoint events and generate incidents, you need to turn on the Incidents Sensor.
The Incidents Sensor continuously monitors endpoint activity such as running processes, network connections, registry changes, and user behavior. This metadata is being collected, reported and processed by machine learning algorithms and prevention technologies that detect suspicious activity on the system, and generate Incidents.
For the complete documentation on Endpoint Detection and Response/eXtended Detection and Response, refer to EDR / XDR.
Important
EDR and XDR availability and their capabilities differ depending on your license. For more information, refer to Features distribution.