EDR / XDR

As part of our comprehensive and integrated Endpoint Protection Platform, these solutions bring together device intelligence across your enterprise network. They help your incident response teams investigate and respond to advanced threats.

Important

EDR and XDR availability and their capabilities differ depending on your license. For more information, refer to Features distribution.

Working with incidents

The Incidents section helps you filter, investigate and take action on all security events detected by the Incidents Sensor over a specific time interval.

Note

Only GravityZone users with management rights on the entire company have access to this section.

This section contains the following pages:

  • Incidents: view and investigate incidents.

  • Blocklist: manage blocked files from incidents.

  • Search: query the security events database.

  • Custom detection rules: create custom rules for detections.

  • Custom exclusion rules: create custom rules for exclusions.

Note

Availability and functioning of these features may differ depending on the license included in your current plan.