Endpoint Detection and Response

This group includes tags that start with the level edr. These tags identify data generated by Endpoint Detection and Response (EDR) systems.

Company	Product / service	Valid tags
	Carbon Black Endpoint Detection and Response	`edr.carbonblack.alert` ^+info `edr.carbonblack.binary` ^+info `edr.carbonblack.feed` ^+info `edr.carbonblack.ingress` ^+info `edr.carbonblack.watchlist` ^+info
	Crowdstrike Endpoint Detection & Response	`edr.crowdstrike.cannon` ^+info `edr.crowdstrike.cannon.asepvalueupdate` ^+info `edr.crowdstrike.cannon.channelversionrequired` ^+info `edr.crowdstrike.cannon.dnsrequest` ^+info `edr.crowdstrike.cannon.endofprocess` ^+info `edr.crowdstrike.cannon.neighborlistip4` ^+info `edr.crowdstrike.cannon.networkconnectip4` ^+info `edr.crowdstrike.cannon.other` ^+info `edr.crowdstrike.cannon.processrollup2` ^+info `edr.crowdstrike.cannon.processrollup2stats` ^+info `edr.crowdstrike.cannon.sensorheartbeat` ^+info `edr.crowdstrike.cannon.syntheticprocessrollup2` ^+info
	Cylance PROTECT	`edr.cylance.app` ^+info `edr.cylance.audit` ^+info `edr.cylance.device` ^+info `edr.cylance.memory` ^+info `edr.cylance.script` ^+info `edr.cylance.threats` ^+info
	Fireeye Endpoint Detection & Response	`edr.fireeye.alerts` ^+info
	Minerva Labs anti-evasion platform	`edr.minervalabs` ^+info
	ObserveIT Insider Threat Detection	`edr.observeit.events`
	Palo Alto Cortex XDR	`edr.paloalto.cortex_xdr` ^+info `edr.paloalto.cortex_xdr_agent` ^+info
	Symantec Endpoint Detection & Response	`edr.symantec.events`