Qualys Endpoint Detection and Response (EDR) helps you continuously monitor and remediate endpoints for suspicious activity using our Cloud Agents. EDR captures system activity to find indicators of compromise relating to malware and indicators of activity relating to threat actors to support investigation and response. EDR provides prevention, detection and response across the entire attack lifecycle. Plus, you only need one agent to perform critical security functions and respond to and remediate incidents in real time.
We'll help you get started quickly!
First, you need to build your inventory by configuring your cloud agents. Once the agents are configured, the detections on those assets start showing up in your EDR UI. You can then easily investigate and respond to them by taking appropriate remediation actions.
You can choose to activate EDR on the existing Windows agent or install and activate new Cloud Agents on Windows endpoints.
Download and Configure Cloud Agents for EDR
Enable EDR in CA Configuration Profile
Identify Windows Agents that need EDR Activation (optional)
Roles and Permissions
Note: You must upgrade to Cloud Agent version 4.1 or above to utilize all the EDR functionality.
The EDR UI gives you the power and flexibility to search and filter incidents detected by EDR, and system events and details provided by the cloud agent.
Investigation and Response
View Event Details
Use QQL tokens to Search
Configure Rule Based Alerts for Events
Remediate malicious File, Process, Mutex, and Network events.
Dashboards help you visualize your assets, see your threat exposure, leverage saved searches, and prioritize remediation of malicious/suspicious events quickly.
We have integrated Unified Dashboard (UD) with EDR. UD brings information from all Qualys applications into a single place for visualization. UD provides a powerful new dashboarding framework along with a platform service that will be consumed and used by all other products to enhance the existing dashboard capabilities.
You can use the default EDR dashboard provided by Qualys or easily configure widgets to pull information from other modules/applications and add them to your dashboard. You can also add as many dashboards as you like to customize your vulnerability posture view.
Your access to Unified Dashboard depends on the global permissions granted to you from the Admin utility. Refer to the Online Help in the Admin utility for information on Global Dashboard Permissions.
Note: When you assign the Global Dashboard permissions to a role, the Global Dashboard permissions override the module-specific dashboard permissions. As a result, the module-specific dashboard permissions are ignored.
Quickly get custom views