Endpoint Threat Detection and Response (EDR)
SanerNow provides the necessary infrastructure to detect an on-going attack within the network and respond to it.
SanerNow supports STIX/TAXII, OpenIOC and Yara and can be fed Threat Intelligence from available sources to detect Indicators of Compromise (IoC). You can also execute queries based on attack symptoms to investigate abnormal behavior or detect an ongoing attack on the network.
If an attack is in progress, you can take various mitigation actions, including blocking the execution of an application or executable, killing a process, cleaning registry entries, terminating a network connection, quarantining files, and cleaning up startup and temp folders. Vulnerabilities can be linked to an exploit or an attack so that the more permanent remediation, rolling out security patches, can be applied.
SanerNow allows you to add and manage threat feeds and ships with a default threat feed supplied by SecPod. Threat feeds must be in JSON format before they can be imported into SanerNow. The indicators in a feed are evaluated through registry checks, file checks, and md5sum checks.
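To make the mechanism behind the paragraphs above concrete (a JSON threat feed whose indicators are matched by file and md5sum checks), here is an added example that is not SanerNow's code and does not use SanerNow's real feed schema. The feed layout, the field names (`indicators`, `type`, `value`, `description`) and the sample indicator values are all assumptions constructed for this illustration; the md5 value is the published RFC 1321 test vector for the bytes `abc`. Registry checks are Windows-specific and are not shown.

```python
import hashlib
import json
import os
import tempfile

# Constructed threat feed in a hypothetical JSON layout. Assumption: this is
# NOT SanerNow's feed format, only an illustration of hash and filename IoCs.
FEED_JSON = """
{
  "feed": "constructed-example-feed",
  "indicators": [
    {"type": "md5", "value": "900150983cd24fb0d6963f7d28e17f72",
     "description": "constructed sample: md5 of the bytes 'abc'"},
    {"type": "filename", "value": "update_helper.tmp",
     "description": "constructed sample: dropper name seen in temp folders"}
  ]
}
"""


def load_feed(text):
    """Parse a JSON feed and index indicators by type for O(1) lookups."""
    feed = json.loads(text)
    index = {}
    for ioc in feed["indicators"]:
        bucket = index.setdefault(ioc["type"], {})
        bucket[ioc["value"].lower()] = ioc["description"]
    return index


def md5_of_file(path):
    """Stream the file in chunks so large binaries do not get read into memory."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def scan_directory(root, index):
    """Walk root and report every file that matches a filename or md5 indicator."""
    hits = []
    md5_iocs = index.get("md5", {})
    name_iocs = index.get("filename", {})
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            if name.lower() in name_iocs:
                hits.append((path, "filename", name_iocs[name.lower()]))
            digest = md5_of_file(path)
            if digest in md5_iocs:
                hits.append((path, "md5", md5_iocs[digest]))
    return sorted(hits)


def demo():
    """Build a scratch tree with one benign and two matching files, then scan it.

    Returns (relative path, indicator type) pairs with '/' separators so the
    result is the same on every platform.
    """
    index = load_feed(FEED_JSON)
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "notes.txt"), "wb") as f:
            f.write(b"benign content")            # no indicator matches
        with open(os.path.join(root, "payload.bin"), "wb") as f:
            f.write(b"abc")                       # md5 matches the feed
        os.mkdir(os.path.join(root, "temp"))
        with open(os.path.join(root, "temp", "update_helper.tmp"), "wb") as f:
            f.write(b"anything")                  # filename matches the feed
        hits = scan_directory(root, index)
        return [(os.path.relpath(p, root).replace(os.sep, "/"), kind)
                for p, kind, _ in hits]


if __name__ == "__main__":
    for rel, kind in demo():
        print(f"{kind:8s} {rel}")
```

Hash and filename lookups are kept in separate dictionaries so a feed with thousands of indicators still costs one dictionary probe per file; the same structure extends naturally to other indicator types such as registry paths once a platform-specific check is plugged in.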
To access the EDR tool:
- Log on to SanerNow using your SanerNow credentials.
- Select the account you wish to administer. A dashboard with a summary view of the account is displayed.
- Click the SanerNow icon on the header, then click the EDR icon. The EDR dashboard is displayed.
To read the full article, please open the PDF attachment below.