This group includes tags that start with the level edr. These tags identify data generated by Endpoint Detection and Response (EDR) systems.
Company | Product/Service | Data tables |
|---|
Carbon Black Endpoint Detection and Response
edr.carbonblack.alertedr.carbonblack.binaryedr.carbonblack.feededr.carbonblack.ingressedr.carbonblack.watchlist
More info about these parsers
Crowdstrike Endpoint Detection & Response
edr.crowdstrike.cannonedr.crowdstrike.cannon.associateindicatoredr.crowdstrike.cannon.associatetreeidwithrootedr.crowdstrike.cannon.asepvalueupdateedr.crowdstrike.cannon.channelversionrequirededr.crowdstrike.cannon.dnsrequestedr.crowdstrike.cannon.endofprocessedr.crowdstrike.cannon.neighborlistip4edr.crowdstrike.cannon.networkconnectip4edr.crowdstrike.cannon.otheredr.crowdstrike.cannon.processrollup2edr.crowdstrike.cannon.processrollup2statsedr.crowdstrike.cannon.sensorheartbeatedr.crowdstrike.cannon.syntheticprocessrollup2edr.crowdstrike.falconedr.crowdstrike.falconstreaming.agentsedr.crowdstrike.falconstreaming.auth_activityedr.crowdstrike.falconstreaming.behaviorsedr.crowdstrike.falconstreaming.customer_iocedr.crowdstrike.falconstreaming.detection_summaryedr.crowdstrike.falconstreaming.external_apiedr.crowdstrike.falconstreaming.firewall_matchedr.crowdstrike.falconstreaming.identity_protectionedr.crowdstrike.falconstreaming.idp_detection_summaryedr.crowdstrike.falconstreaming.incidentsedr.crowdstrike.falconstreaming.incident_summaryedr.crowdstrike.falconstreaming.mobile_detection_summaryedr.crowdstrike.falconstreaming.otheredr.crowdstrike.falconstreaming.recon_notification_summaryedr.crowdstrike.falconstreaming.remote_response_sessionedr.crowdstrike.falconstreaming.scheduled_report_notificationedr.crowdstrike.falconstreaming.user_activity_groupsedr.crowdstrike.falconstreaming.user_activity_quarantined_filesedr.crowdstrike.falconstreaming.user_activity_sensor_update_policyedr.crowdstrike.falconstreaming.user_activity_otheredr.crowdstrike.falconstreaming.recon_notification_summaryedr.crowdstrike.falconstreaming.user_activity_devicesedr.crowdstrike.falconstreaming.user_activity_detectionsedr.crowdstrike.falconstreaming.user_activity_prevention_policyedr.crowdstrike.falconstreaming.user_activity_ip_whitelistedr.crowdstrike.falconstreaming.vulnerabilitiesedr.crowdstrike.falconedr.crowdstrike.cannonedr.crowdstrike.cannon.associateindicatoredr.crowdstrike.cannon.associatetreeidwithrootedr.crowdstrike.cannon.asepvalueupdateedr.crowdstrike.cannon.channelversionrequirededr.crowdstrike.cannon.detectionexcludededr.crowdstrike.cannon.dnsrequestedr.crowdstrike.cannon.endofprocessedr.crowdstrike.cannon.neighborlistip4edr.crowdstrike.cannon.networkconnectip4edr.crowdstrike.cannon.otheredr.crowdstrike.cannon.processrollup2edr.crowdstrike.cannon.processrollup2statsedr.crowdstrike.cannon.sensorheartbeatedr.crowdstrike.cannon.syntheticprocessrollup2
More info about these parsers
Cylance PROTECTÂ
edr.cylance.appedr.cylance.auditedr.cylance.deviceedr.cylance.memoryedr.cylance.scriptedr.cylance.threats
More info about these parsers
Microsoft Defender Endpoint
edr.microsoft_defender.endpoint.softwareedr.microsoft_defender.endpoint.vulnerabilitiesedr.microsoft_defender.endpoint.alertsedr.microsoft_defender.endpoint.assessment_software_vulnerabilitiesedr.microsoft_defender.endpoint.assessment_software_inventoryedr.microsoft_defender.endpoint.investigationsedr.microsoft_defender.endpoint.assessment_secure_configurationedr.microsoft_defender.endpoint.machinesedr.microsoft_defender.endpoint.recommendations
ObserveIT Insider Threat Detection
edr.observeit.events
Palo Alto Cortex XDR
edr.paloalto.cortex_xdredr.paloalto.cortex_xdr_agent
More info about these parsers
Symantec Endpoint Detection & Response
edr.symantec.events
Cylance Blackberry
edr.blackberry.cylance.usersedr.blackberry.cylance.policiesedr.blackberry.cylance.threatsedr.blackberry.cylance.optics_detectionsedr.blackberry.cylance.optics_detections_rulesedr.blackberry.cylance.optics_detections_exceptions