Configure EDR settings
Click to view navigation pane

Home

Configure EDR settings

This option allows you to configure the settings and enable the EDR application for a Cloud Agent using this configuration profile. 

- To enable this option, toggle Enable EDR module for this profile to ON.

EDR Settings.

-Set the values for the following parameters under the Configuration header to define operational settings for a Cloud Agent using this profile.

Max event log size - EDR events are transmitted to the Qualys Cloud platform when the EDR event log file reaches the maximum specified size. You can specify a log file size between 1024 KB and 10240 KB. The default value for this parameter is 2048 KB. This value can be lower if the Payload threshold time is lower.

Payload threshold time - The Payload threshold time is measured since the last payload is sent to the Qualys Cloud Platform. When the EDR Payload threshold time is reached, EDR events are sent to the Qualys Cloud Platform. You can specify a Payload threshold time between 180 seconds and 1800 seconds. The default value for this parameter is 300 seconds. It is recommended to keep this value lower to prevent data loss on busy systems.

Maximum disk usage for EDR Data - This is the maximum disk available to a Cloud Agent for caching EDR events to be sent to the Qualys Cloud Platform for processing. If the maximum size is reached, the oldest events are deleted in order to create space for newly generated events. You can specify a disk usage size between 500 MB and 5120 MB. The default value for this parameter is 1024 MB.

Enable and Disable Anti-malware Protection

You can enable or disable Anti-malware Protection for a profile using the toggle available next to this option.

Disable Anti-Malware Protection confirmation.

By default, Anti-malware Protection is enabled if you have subscribed for the EDR application. To disable this option, toggle Anti-malware Protection to OFF. The Cloud Agent UI shows the Confirmation dialog box, to avoid unintentional disabling of this option. Click Confirm to disable the Anti-malware Protection

Note: Qualys EDR can co-exist with other anti-malware software. However, it is recommended to uninstall other anti-malware software for smooth operations of your system.