This group includes tags that start with the level edr. These tags identify data generated by Endpoint Detection and Response (EDR) systems.
| Company | Product / service | Valid tags |
|---|
| Carbon Black Endpoint Detection and Response | edr.carbonblack.alertedr.carbonblack.binaryedr.carbonblack.feededr.carbonblack.ingressedr.carbonblack.watchlist
Check more info about these parsers |
| Crowdstrike Endpoint Detection & Response | edr.crowdstrike.cannon
edr.crowdstrike.cannon.asepvalueupdate
edr.crowdstrike.cannon.channelversionrequired
edr.crowdstrike.cannon.dnsrequest
edr.crowdstrike.cannon.endofprocess
edr.crowdstrike.cannon.neighborlistip4
edr.crowdstrike.cannon.networkconnectip4
edr.crowdstrike.cannon.other
edr.crowdstrike.cannon.processrollup2
edr.crowdstrike.cannon.processrollup2stats
edr.crowdstrike.cannon.sensorheartbeat
edr.crowdstrike.cannon.syntheticprocessrollup2
Check more info about these parsers |
| Cylance PROTECT | edr.cylance.appedr.cylance.auditedr.cylance.deviceedr.cylance.memoryedr.cylance.scriptedr.cylance.threats
Check more info about these parsers |
| Fireeye Endpoint Detection & Response | Check more info about these parsers |
| Minerva Labs anti-evasion platform | Check more info about these parsers |
| ObserveIT Insider Threat Detection | |
| Palo Alto Cortex XDR | edr.paloalto.cortex_xdredr.paloalto.cortex_xdr_agent
Check more info about these parsers |
| Symantec Endpoint Detection & Response | |
