Get Started with EDR

Qualys Endpoint Detection and Response (EDR) helps you continuously monitor and remediate endpoints for suspicious activity using our Cloud Agents. EDR captures system activity to find indicators of compromise relating to malware and indicators of activity relating to threat actors to support investigation and response. EDR provides prevention, detection and response across the entire attack lifecycle. Plus, you only need one agent to perform critical security functions and respond to and remediate incidents in real time.

We'll help you get started quickly!

First, you need to build your inventory but configuring your cloud agents. Once the agents are configured, the detections on those assets start showing up in your EDR UI. You can then easily investigate and respond to them by taking appropriate remediation actions.

Discover and Monitor

You can choose to activate EDR on the existing Windows agent or install and activate new Cloud Agents on Windows endpoints.

Download and Configure Cloud Agents for EDR

Enable EDR in CA Configuration Profile

Identify Windows Agents that need EDR Activation (optional)

Roles and Permissions

Note: You must upgrade to Cloud Agent version 4.1 and above to utilize all the EDR functionality.

Detect and Investigate

The EDR UI gives you the power and flexibility to search and filter incidents detected by EDR, and system events and details provided by the cloud agent.

Investigation and Response

Hunting Tutorial

View Event Details

Use QQL tokens to Search

Configure Rule Based Alerts for Events

Respond and Prevent

Remediate malicious File, Process, Mutex, and Network events.

Remediation Action

User Activity

Customizable Dynamic Dashboards

Dashboards help you visualize your assets, see your threat exposure, leverage saved searches, and remediate priority of malicious/suspicious events quickly.

We have integrated Unified Dashboard (UD) with EDR. UD brings information from all Qualys applications into a single place for visualization. UD provides a powerful new dashboarding framework along with platform service that will be consumed and used by all other products to enhance the existing dashboard capabilities.

You can use the default EDR dashboard provided by Qualys or easily configure widgets to pull information from other modules/applications and add them to your dashboard. You can also add as many dashboards as you like to customize your vulnerability posture view.

Global Dashboard Permissions

Your access to Unified Dashboard depends on the global permissions granted to you from the Admin utility. Refer to the Online Help in the Admin utility for information on Global Dashboard Permissions.

Note: When you assign the Global Dashboard permissions to a role, the Global Dashboard permissions override the module-specific dashboard permissions. As a result, the module-specific dashboard permissions are ignored.

Quickly get custom views