EDR
Definition
Endpoint Detection and Response (EDR) refers to a cybersecurity solution that monitors end-user devices to detect and respond to cyber threats. EDR systems collect and analyze data from endpoints to identify suspicious activities, providing visibility into potential security incidents. They often include features for threat detection, investigation, and automated response to mitigate risks on endpoints.
Secure Settings Example
edr:
  enable: true
  logging:
    level: verbose
    destination: secure-centralized-logging
  threat_detection:
    real_time: true
    anomaly_detection: true
  response:
    automated_response: true
    quarantine: true
  updates:
    auto_update: true
    schedule: daily
Insecure Settings Example
edr:
  enable: false
  logging:
    level: minimal
    destination: local-only
  threat_detection:
    real_time: false
    anomaly_detection: false
  response:
    automated_response: false
    quarantine: false
  updates:
    auto_update: false
    schedule: manual
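The two settings blocks above are only useful if something actually compares a deployed configuration against the secure one. The following is an added example, not code from this page or from any particular EDR product: a small Python audit script that parses the simple indentation-based YAML shape used above (nested maps and scalars only, so it needs no third-party library), flattens it to key paths, and reports every setting that differs from, or is missing relative to, the secure baseline. The baseline values and both sample configurations are taken from the page; the parser, the `SECURE_BASELINE` table and the `audit` function are this example's own construction.

```python
"""Audit an EDR configuration against the secure settings baseline.

Hypothetical helper written for this page; it parses only the small YAML
subset shown above (nested mappings with scalar values, no lists, quotes
or anchors), so it runs stand-alone without PyYAML.
"""

# Secure baseline, transcribed from the page's "Secure Settings Example".
# Keys are tuple paths into the nested configuration.
SECURE_BASELINE = {
    ("edr", "enable"): True,
    ("edr", "logging", "level"): "verbose",
    ("edr", "logging", "destination"): "secure-centralized-logging",
    ("edr", "threat_detection", "real_time"): True,
    ("edr", "threat_detection", "anomaly_detection"): True,
    ("edr", "response", "automated_response"): True,
    ("edr", "response", "quarantine"): True,
    ("edr", "updates", "auto_update"): True,
    ("edr", "updates", "schedule"): "daily",
}

# Constructed sample inputs: the page's two examples as YAML text.
SECURE_EXAMPLE = """\
edr:
  enable: true
  logging:
    level: verbose
    destination: secure-centralized-logging
  threat_detection:
    real_time: true
    anomaly_detection: true
  response:
    automated_response: true
    quarantine: true
  updates:
    auto_update: true
    schedule: daily
"""

INSECURE_EXAMPLE = """\
edr:
  enable: false
  logging:
    level: minimal
    destination: local-only
  threat_detection:
    real_time: false
    anomaly_detection: false
  response:
    automated_response: false
    quarantine: false
  updates:
    auto_update: false
    schedule: manual
"""


def _coerce(value):
    """Turn a scalar token into bool, int or str (YAML 1.2 core-schema style)."""
    lowered = value.lower()
    if lowered == "true":
        return True
    if lowered == "false":
        return False
    if lowered.lstrip("-").isdigit():
        return int(lowered)
    return value


def parse_simple_yaml(text):
    """Parse indentation-based key/value mappings into nested dicts."""
    root = {}
    stack = [(-1, root)]  # (indent level, mapping open at that level)
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # skip blank lines and comments
        indent = len(raw) - len(raw.lstrip(" "))
        key, _, value = raw.strip().partition(":")
        key, value = key.strip(), value.strip()
        # Close any mappings that are indented at or deeper than this line.
        while indent <= stack[-1][0]:
            stack.pop()
        parent = stack[-1][1]
        if value == "":
            child = {}
            parent[key] = child
            stack.append((indent, child))  # a new nested mapping begins
        else:
            parent[key] = _coerce(value)
    return root


def flatten(mapping, prefix=()):
    """Flatten nested dicts into {path_tuple: scalar}."""
    flat = {}
    for key, value in mapping.items():
        path = prefix + (key,)
        if isinstance(value, dict):
            flat.update(flatten(value, path))
        else:
            flat[path] = value
    return flat


def audit(config_text, baseline=SECURE_BASELINE):
    """Return [(path, expected, actual)] for every deviation from the baseline.

    A setting absent from the configuration is reported with actual=None,
    since a missing control is as weak as a disabled one."""
    actual = flatten(parse_simple_yaml(config_text))
    findings = []
    for path, expected in baseline.items():
        got = actual.get(path)
        if got != expected:
            findings.append((path, expected, got))
    return findings


if __name__ == "__main__":
    for name, text in (("secure", SECURE_EXAMPLE), ("insecure", INSECURE_EXAMPLE)):
        issues = audit(text)
        print(f"{name}: {len(issues)} finding(s)")
        for path, expected, got in issues:
            print(f"  {'.'.join(path)}: expected {expected!r}, found {got!r}")
```

Run against the insecure example the script reports all nine settings as deviations; against the secure example it reports none. Pointing `audit` at a configuration exported from a real deployment (after confirming that export uses the same key names, which vary by vendor) turns the page's two blocks into a repeatable drift check rather than a one-time comparison by eye.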