Get Started with EDR

Built on our Cloud Agent technology, Qualys Endpoint Detection and Response (EDR) helps you continuously monitor and remediate endpoints for suspicious activity. EDR captures system activity to find indicators of compromise relating to malware and indicators of activity relating to threat actors to support investigation and response. We'll help you get started quickly!

Discover and Monitor

You can choose to activate EDR on the existing Windows agent or install and activate new Cloud Agents on Windows endpoints.

Download and Configure Cloud Agents for EDR

Enable EDR in CA Configuration Profile

Identify Windows Agents that need EDR Activation (optional)

Note: You must upgrade to Cloud Agent version 4.1 and above to utilize all the EDR functionality.

Detect and Investigate

The EDR UI gives you the power and flexibility to search and filter incidents detected by EDR, and system events and details provided by the cloud agent.

Investigation and Response

Hunting Tutorial

How to Search

Roles and Permissions

Configure Rule Based Alerts for Events

Respond and Prevent

Remediate malicious File, Process, Mutex, and Network events.

Remediation Action

User Activity

Customizable Dynamic Dashboards

Dashboards help you visualize your assets, see your threat exposure, leverage saved searches, and remediate priority of malicious/suspicious events quickly.

We have integrated Unified Dashboard (UD) with EDR. UD brings information from all Qualys applications into a single place for visualization. UD provides a powerful new dashboarding framework along with platform service that will be consumed and used by all other products to enhance the existing dashboard capabilities.

You can use the default EDR dashboard provided by Qualys or easily configure widgets to pull information from other modules/applications and add them to your dashboard. You can also add as many dashboards as you like to customize your vulnerability posture view.

Global Dashboard Permissions

Your access to Unified Dashboard depends on the global permissions granted to you from the Admin utility. Refer to the Online Help in the Admin utility for information on Global Dashboard Permissions.

Note: When you assign the Global Dashboard permissions to a role, the Global Dashboard permissions override the module-specific dashboard permissions. As a result, the module-specific dashboard permissions are ignored.

Quickly get custom views