XDR installation

The BEST agent needs to be installed on the endpoint with the EDR Sensor module enabled.

If your endpoints already have the BEST agent deployed, you can use a Reconfigure agent task to add the module to the endpoint. For more information, refer to Reconfigure client.

If no agent is installed, you will need to use an installation package to deploy BEST on your endpoints along with all required modules. For more information, refer to Install security agents - standard procedure.

A policy needs to be applied to the endpoint that has the feature enabled in the Incident Sensors page.

For information on how to enable the feature for a specific policy, refer to Incidents sensor.

Each Sensor needs to be integrated with your GravityZone account for data to be received.

A license that includes the XDR feature. On it's own, the XDR feature provides endpoint-to-endpoint correlation, and gathers data from endpoint nodes.

You require licenses for integrating additional sensors. They are grouped by the type of data they process: network, identity providers, cloud workloads, and productivity apps, or are included in specific product licenses.

Depending on your licensing type, you can get access to sensors either through a yearly license, or enabling a specific add-on for your monthly subscription:

You can find a list of compatible licenses under Features by product