EDR / XDR
As part of our comprehensive and integrated Endpoint Protection Platform, these solutions bring together device intelligence across your enterprise network. They support your incident response teams' efforts to investigate and respond to advanced threats.
Important
EDR and XDR availability and their capabilities differ depending on your license. For more information, refer to Features distribution.
Working with incidents
The Incidents section helps you filter, investigate and take action on all security events detected by the Incidents Sensor over a specific time interval.
Note
Only GravityZone users with management rights on the entire company have access to this section.
This section contains the following pages:
Incidents: view and investigate incidents.
Blocklist: manage blocked files from incidents.
Search: query the security events database.
Custom detection rules: create custom rules for detections.
Custom exclusion rules: create custom rules for exclusions.
Note
Availability and functioning of these features may differ depending on the license included in your current plan.