Get Started with EDR

Built on our Cloud Agent technology, Qualys Endpoint Detection and Response (EDR) helps you continuously monitor and remediate endpoints for suspicious activity. EDR captures system activity to find indicators of compromise relating to malware and indicators of activity relating to threat actors to support investigation and response. We'll help you get started quickly!

Discover and Monitor

You can choose to activate EDR on the existing Windows agent or install and activate new Cloud Agents on Windows endpoints.

Download and Configure Cloud Agents for EDR

Enable EDR in a CA configuration profile (using the CA app)

Identify Windows agents that need EDR activation (optional)

Note: You must upgrade to Cloud Agent version 4.1 or above to use all EDR functionality.

Detect and Investigate

The EDR UI gives you the power and flexibility to search and filter incidents detected by EDR, as well as system events and details provided by the Cloud Agent.

Investigation and Response

Hunting Tutorial

How to Search

Roles and Permissions

Configure Rule Based Alerts for Events

Respond and Prevent

Remediate malicious File, Process, Mutex, and Network events.

Remediation Action

User Activity

Customizable dynamic dashboards

Dashboards help you visualize your assets, see your threat exposure, leverage saved searches, and quickly remediate priority malicious or suspicious events.

We have integrated Unified Dashboard (UD) with EDR. UD brings information from all Qualys applications into a single place for visualization. UD provides a powerful new dashboarding framework along with a platform service that all other products will use to enhance the existing dashboard capabilities.

You can use the default EDR dashboard provided by Qualys or easily configure widgets to pull information from other modules/applications and add them to your dashboard. You can also add as many dashboards as you like to customize your vulnerability posture view.

Quickly get custom views