EDR (Endpoint Detection and Response)

GPTKB entity

Predicate	Object
gptkbp:instanceOf	gptkb:cybersecurity_technology
gptkbp:abbreviation	gptkb:Endpoint_Detection_and_Response
gptkbp:category	information security incident response threat detection endpoint protection
gptkbp:coinedBy	Anton Chuvakin
gptkbp:component	endpoint security
gptkbp:detects	gptkb:malware insider threats fileless attacks suspicious behavior
gptkbp:enables	automated response threat hunting manual response
gptkbp:introducedIn	2013
gptkbp:mainVendors	gptkb:CrowdStrike gptkb:Bitdefender gptkb:Symantec gptkb:McAfee gptkb:Trend_Micro gptkb:SentinelOne gptkb:Sophos gptkb:Microsoft_Defender_for_Endpoint
gptkbp:monitors	endpoint devices
gptkbp:notableCollection	network activity event logs telemetry data process information file activity
gptkbp:provides	forensic analysis incident response real-time monitoring threat detection
gptkbp:purpose	detect and respond to cyber threats on endpoints
gptkbp:relatedTo	gptkb:XDR_(Extended_Detection_and_Response) gptkb:security SIEM (Security Information and Event Management)
gptkbp:requires	centralized management console endpoint agent
gptkbp:supports	gptkb:Windows gptkb:macOS gptkb:Linux mobile devices
gptkbp:usedBy	security teams
gptkbp:bfsParent	gptkb:Bitdefender_GravityZone
gptkbp:bfsLayer	7
https://www.w3.org/2000/01/rdf-schema#label	EDR (Endpoint Detection and Response)