EDR
Endpoint Detection and Response
EDR tools monitor endpoint devices for malicious activity and provide visibility into processes, file changes, and network connections. They record telemetry that analysts use to investigate and contain threats on workstations and servers.
Como é usado em cibersegurança
SOC analysts review EDR alerts to determine if a process execution is malicious or benign. Incident responders use EDR to isolate infected endpoints and collect forensic artifacts. Threat hunters query EDR telemetry to search for indicators of compromise across the fleet.
Termo relacionado no glossário: edr
As definições são explicações originais escritas para fins de desenvolvimento profissional. Para definições técnicas autoritativas, consulte NIST, ISO ou o órgão de normalização correspondente.