This group includes tags that start with the level `edr`. These tags identify data generated by Endpoint Detection and Response (EDR) systems.
| Company | Product/Service | Data tables |
|---|---|---|
| Carbon Black | Endpoint Detection and Response | edr.carbonblack.alert |
| | | edr.carbonblack.binary |
| | | edr.carbonblack.feed |
| | | edr.carbonblack.ingress |
| | | edr.carbonblack.watchlist |
| Crowdstrike | Endpoint Detection & Response | edr.crowdstrike.cannon |
| | | edr.crowdstrike.cannon.associateindicator |
| | | edr.crowdstrike.cannon.associatetreeidwithroot |
| | | edr.crowdstrike.cannon.asepvalueupdate |
| | | edr.crowdstrike.cannon.channelversionrequired |
| | | edr.crowdstrike.cannon.dnsrequest |
| | | edr.crowdstrike.cannon.endofprocess |
| | | edr.crowdstrike.cannon.neighborlistip4 |
| | | edr.crowdstrike.cannon.networkconnectip4 |
| | | edr.crowdstrike.cannon.other |
| | | edr.crowdstrike.cannon.processrollup2 |
| | | edr.crowdstrike.cannon.processrollup2stats |
| | | edr.crowdstrike.cannon.sensorheartbeat |
| | | edr.crowdstrike.cannon.syntheticprocessrollup2 |
| | | edr.crowdstrike.falcon |
| | | edr.crowdstrike.falconstreaming |
| | | edr.crowdstrike.falconstreaming.agents |
| | | edr.crowdstrike.falconstreaming.behaviors |
| | | edr.crowdstrike.falconstreaming.detection_summary |
| | | edr.crowdstrike.falconstreaming.incidents |
| | | edr.crowdstrike.falconstreaming.vulnerabilities |
| | | edr.crowdstrike.falconstreaming.external_api |
| | | edr.crowdstrike.falconstreaming.remote_response_session |
| | | edr.crowdstrike.falconstreaming.user_activity_groups |
| | | edr.crowdstrike.falconstreaming.user_activity_device_control_policy |
| | | edr.crowdstrike.falconstreaming.user_activity_quarantined_files |
| | | edr.crowdstrike.falconstreaming.incident_summary |
| | | edr.crowdstrike.falconstreaming.customer_ioc |
| | | edr.crowdstrike.falconstreaming.user_activity_sensor_update_policy |
| | | edr.crowdstrike.falconstreaming.user_activity_other |
| | | edr.crowdstrike.falconstreaming.user_activity_devices |
| | | edr.crowdstrike.falconstreaming.user_activity_detections |
| | | edr.crowdstrike.falconstreaming.user_activity_prevention_policy |
| | | edr.crowdstrike.falconstreaming.auth_activity |
| | | edr.crowdstrike.falconstreaming.other |
| | | edr.crowdstrike.falconstreaming.user_activity_ip_whitelist |
| Cylance | PROTECT | edr.cylance.app |
| | | edr.cylance.audit |
| | | edr.cylance.device |
| | | edr.cylance.memory |
| | | edr.cylance.script |
| | | edr.cylance.threats |
| Microsoft | Defender Endpoint | edr.microsoft_defender.endpoint.software |
| | | edr.microsoft_defender.endpoint.vulnerabilities |
| | | edr.microsoft_defender.endpoint.alerts |
| | | edr.microsoft_defender.endpoint.assessment_software_vulnerabilities |
| | | edr.microsoft_defender.endpoint.assessment_software_inventory |
| | | edr.microsoft_defender.endpoint.investigations |
| | | edr.microsoft_defender.endpoint.assessment_secure_configuration |
| | | edr.microsoft_defender.endpoint.machines |
| | | edr.microsoft_defender.endpoint.recommendations |
| Palo Alto | Cortex XDR | edr.paloalto.cortex_xdr |
| | | edr.paloalto.cortex_xdr_agent |