HarfangLab’s EDR boasts a comprehensive set of features for leveraging collected data to support investigation and remediation efforts.
This enables analysts to gain a clear understanding of activities within the information system and to trace the origin of events and take appropriate action: whether it’s verifying suspicions, conducting investigations, blocking threats, or strengthening protection…
- Visibility of all security event information (detection methods, linked events, parent and child processes, etc.) for effective correlation,
- Multiple options to block or interrupt processes, isolate endpoints, delete files or services,
- Investigation tasks to enrich data and trace the origin of an incident to reinforce protection,
- Dynamic filtering to exploit data directly on the platform,
- Aggregation of alert and telemetry data for easy exploitation.