Built on our Cloud Agent technology, Qualys Endpoint Detection and Response (EDR) helps you continuously monitor and remediate endpoints for suspicious activity. EDR captures system activity to find indicators of compromise relating to malware and indicators of activity relating to threat actors to support investigation and response. We'll help you get started quickly!
You can choose to activate EDR on the existing Windows agent or install and activate new Cloud Agents on Windows endpoints.
Download and Configure Cloud Agents for EDR
Enable EDR in a CA configuration profile (using the CA app)
Identify Windows agents that need EDR activation (optional)
Note: You must upgrade to Cloud Agent version 4.1 or above to use all the EDR functionality.
The EDR UI gives you the power and flexibility to search and filter incidents detected by EDR, as well as system events and details provided by the Cloud Agent.
Investigation and Response
How to Search
Roles and Permissions
Configure Rule Based Alerts for Events
Remediate malicious File, Process, Mutex, and Network events.
Dashboards help you visualize your assets, see your threat exposure, leverage saved searches, and prioritize the remediation of malicious/suspicious events quickly.
We have integrated Unified Dashboard (UD) with EDR. UD brings information from all Qualys applications into a single place for visualization. UD provides a powerful new dashboarding framework along with a platform service that all other products will use to enhance their existing dashboard capabilities.
You can use the default EDR dashboard provided by Qualys or easily configure widgets to pull information from other modules/applications and add them to your dashboard. You can also add as many dashboards as you like to customize your vulnerability posture view.
Quickly get custom views