Skip to end of banner Go to start of banner

Endpoint Detection and Response

Skip to end of metadata

Created by Juan Tomás Alonso Nieto on May 23, 2022

Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

This group includes tags that start with the level edr. These tags identify data generated by Endpoint Detection and Response (EDR) systems.

Company	Product/Service	Data tables

Carbon Black Endpoint Detection and Response

edr.carbonblack.alert
edr.carbonblack.binary
edr.carbonblack.feed
edr.carbonblack.ingress
edr.carbonblack.watchlist

More info about these parsers

Crowdstrike Endpoint Detection & Response

edr.crowdstrike.cannon
edr.crowdstrike.cannon.asepvalueupdate
edr.crowdstrike.cannon.channelversionrequired
edr.crowdstrike.cannon.dnsrequest
edr.crowdstrike.cannon.endofprocess
edr.crowdstrike.cannon.neighborlistip4
edr.crowdstrike.cannon.networkconnectip4
edr.crowdstrike.cannon.other
edr.crowdstrike.cannon.processrollup2
edr.crowdstrike.cannon.processrollup2stats
edr.crowdstrike.cannon.sensorheartbeat
edr.crowdstrike.cannon.syntheticprocessrollup2

More info about these parsers

Cylance PROTECT

edr.cylance.app
edr.cylance.audit
edr.cylance.device
edr.cylance.memory
edr.cylance.script
edr.cylance.threats

More info about these parsers

Fireeye Endpoint Detection & Response

edr.fireeye.alerts

More info about these parsers

Minerva Labs anti-evasion platform

edr.minervalabs

More info about these parsers

ObserveIT Insider Threat Detection

edr.observeit.events

Palo Alto Cortex XDR

edr.paloalto.cortex_xdr
edr.paloalto.cortex_xdr_agent

More info about these parsers

Symantec Endpoint Detection & Response

edr.symantec.events

No labels