Document toolbox

Endpoint Detection and Response

Owned by Juan Tomás Alonso Nieto (Deactivated)

Jul 06, 2022

1 min read

This group includes tags that start with the level edr. These tags identify data generated by Endpoint Detection and Response (EDR) systems.

Company	Product/Service	Data tables

Company	Product/Service	Data tables

Carbon Black Endpoint Detection and Response

edr.carbonblack.alert
edr.carbonblack.binary
edr.carbonblack.feed
edr.carbonblack.ingress
edr.carbonblack.watchlist

More info about these parsers

Crowdstrike Endpoint Detection & Response

edr.crowdstrike.cannon
edr.crowdstrike.cannon.asepvalueupdate
edr.crowdstrike.cannon.channelversionrequired
edr.crowdstrike.cannon.dnsrequest
edr.crowdstrike.cannon.endofprocess
edr.crowdstrike.cannon.neighborlistip4
edr.crowdstrike.cannon.networkconnectip4
edr.crowdstrike.cannon.other
edr.crowdstrike.cannon.processrollup2
edr.crowdstrike.cannon.processrollup2stats
edr.crowdstrike.cannon.sensorheartbeat
edr.crowdstrike.cannon.syntheticprocessrollup2

More info about these parsers

Cylance PROTECT

edr.cylance.app
edr.cylance.audit
edr.cylance.device
edr.cylance.memory
edr.cylance.script
edr.cylance.threats

More info about these parsers

Fireeye Endpoint Detection & Response

edr.fireeye.alerts

More info about these parsers

Minerva Labs anti-evasion platform

edr.minervalabs

More info about these parsers

ObserveIT Insider Threat Detection

edr.observeit.events

Palo Alto Cortex XDR

edr.paloalto.cortex_xdr
edr.paloalto.cortex_xdr_agent

More info about these parsers

Symantec Endpoint Detection & Response

edr.symantec.events