XDR
Definition
XDR, or Extended Detection and Response, is a cybersecurity technology that integrates multiple security products into a cohesive system to improve threat detection and response capabilities. It collects and correlates data across various security layers, such as endpoints, networks, and servers, providing a unified view of security incidents. This approach enhances the ability to detect complex threats and reduces the time to respond by automating and streamlining security operations.
Secure Settings Example
xdr:
  enable: true
  data_sources:
    - endpoint
    - network
    - server
  correlation_rules:
    - rule_id: "CR-001"
      description: "Detect lateral movement"
      enabled: true
  response_actions:
    - action_id: "RA-001"
      description: "Isolate compromised endpoint"
      enabled: true
  logging:
    level: "INFO"
    retention_days: 90
Insecure Settings Example
xdr:
  enable: false
  data_sources: []
  correlation_rules:
    - rule_id: "CR-001"
      description: "Detect lateral movement"
      enabled: false
  response_actions:
    - action_id: "RA-001"
      description: "Isolate compromised endpoint"
      enabled: false
  logging:
    level: "DEBUG"
    retention_days: 7
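The following is an added example, not part of the original page: a small audit script that checks an XDR settings block like the two above against the secure baseline and reports every deviation (XDR disabled, missing data sources, disabled correlation rules or response actions, verbose log level, short retention). The two configurations are embedded as Python dicts mirroring the YAML so the script runs without a YAML library; the required source set, the allowed log levels and the 90-day retention minimum are assumptions taken from the secure example, not thresholds the page itself defines.

```python
"""Audit an XDR settings block against a secure baseline.

Added example; the configs below are constructed copies of the two YAML
examples on the page, and the thresholds are assumptions for illustration.
"""

# Assumptions derived from the secure example, not values the page defines.
REQUIRED_SOURCES = {"endpoint", "network", "server"}
ALLOWED_LOG_LEVELS = {"INFO", "WARNING", "ERROR"}   # DEBUG is treated as too verbose
MIN_RETENTION_DAYS = 90

# Constructed: dict form of the "Secure Settings Example".
SECURE = {
    "xdr": {
        "enable": True,
        "data_sources": ["endpoint", "network", "server"],
        "correlation_rules": [
            {"rule_id": "CR-001", "description": "Detect lateral movement", "enabled": True},
        ],
        "response_actions": [
            {"action_id": "RA-001", "description": "Isolate compromised endpoint", "enabled": True},
        ],
        "logging": {"level": "INFO", "retention_days": 90},
    }
}

# Constructed: dict form of the "Insecure Settings Example".
INSECURE = {
    "xdr": {
        "enable": False,
        "data_sources": [],
        "correlation_rules": [
            {"rule_id": "CR-001", "description": "Detect lateral movement", "enabled": False},
        ],
        "response_actions": [
            {"action_id": "RA-001", "description": "Isolate compromised endpoint", "enabled": False},
        ],
        "logging": {"level": "DEBUG", "retention_days": 7},
    }
}


def audit_xdr(config):
    """Return a list of human-readable findings; an empty list means the
    configuration matches the baseline."""
    findings = []
    xdr = config.get("xdr", {})

    # Without the master switch nothing is collected or correlated at all.
    if not xdr.get("enable", False):
        findings.append("xdr.enable is false: no telemetry is collected or correlated")

    # Cross-layer correlation needs every required layer to be feeding data.
    sources = set(xdr.get("data_sources") or [])
    missing = sorted(REQUIRED_SOURCES - sources)
    if missing:
        findings.append(f"data_sources missing required layers: {', '.join(missing)}")

    # A disabled rule or action silently removes detection or containment.
    for rule in xdr.get("correlation_rules", []):
        if not rule.get("enabled", False):
            findings.append(
                f"correlation rule {rule.get('rule_id')} "
                f"({rule.get('description')}) is disabled"
            )
    for action in xdr.get("response_actions", []):
        if not action.get("enabled", False):
            findings.append(
                f"response action {action.get('action_id')} "
                f"({action.get('description')}) is disabled"
            )

    # Logging: DEBUG floods storage and may record sensitive detail;
    # short retention destroys evidence before an investigation can use it.
    logging_cfg = xdr.get("logging", {})
    level = logging_cfg.get("level")
    if level not in ALLOWED_LOG_LEVELS:
        findings.append(
            f"logging.level {level!r} is not one of {sorted(ALLOWED_LOG_LEVELS)}"
        )
    retention = logging_cfg.get("retention_days", 0)
    if retention < MIN_RETENTION_DAYS:
        findings.append(
            f"logging.retention_days={retention} is below the "
            f"{MIN_RETENTION_DAYS}-day minimum"
        )
    return findings


if __name__ == "__main__":
    for name, cfg in (("secure", SECURE), ("insecure", INSECURE)):
        result = audit_xdr(cfg)
        print(f"{name}: {len(result)} finding(s)")
        for line in result:
            print("  -", line)
```

Running the script reports zero findings for the secure example and six for the insecure one, one per weakened setting. The same function can be pointed at a parsed production config to catch a partial regression, for example a deployment that re-enables XDR but still feeds it only endpoint telemetry.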