EDR and Other Metrics

EDR

  • EDR Alerts Over Time: Displays the frequency of endpoint detection and response (EDR) alerts, aiding in identifying patterns or spikes in activity.
  • EDR by Threat Classification: Categorizes threats detected by the EDR system, such as malware or trojans, which is critical for understanding the threat landscape.
  • EDR by Response Action: Outlines the actions taken in response to EDR alerts, from remediation to isolation, offering insight into the effectiveness of automated responses.

Content Efficiency and Miscellaneous Metrics

  • Incidents Closed by Classification: Segregates incidents into true positives, false positives, and benign positives, reflecting the accuracy of threat detection systems.
  • Incidents Closed by Classification Reason: Provides reasons for incident closure, which can be used to fine-tune detection systems and reduce false positives.
  • Top Offenders - Users & Hosts: Lists users and hosts with the highest number of security incidents, which is useful for targeted security training and system hardening.
  • User Login Activity by Country: Tracks login attempts by country, assisting in identifying unauthorized access from unexpected geographic locations.
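As an added illustration (not part of this report documentation), the following Python computes the four metrics above from a constructed set of closed-incident and login records; the record fields, the classification labels and the list of expected countries are assumptions for the example.

```python
from collections import Counter
from typing import Dict, List, Tuple

# Constructed sample data (not real incidents); one record per closed incident.
CLOSED_INCIDENTS = [
    {"classification": "true_positive",   "reason": "confirmed malware",      "user": "alice", "host": "ws-01"},
    {"classification": "false_positive",  "reason": "noisy rule",             "user": "bob",   "host": "ws-02"},
    {"classification": "false_positive",  "reason": "noisy rule",             "user": "alice", "host": "ws-01"},
    {"classification": "benign_positive", "reason": "authorised admin tool",  "user": "carol", "host": "ws-03"},
    {"classification": "true_positive",   "reason": "confirmed malware",      "user": "alice", "host": "ws-04"},
    {"classification": "false_positive",  "reason": "misconfigured scanner",  "user": "dave",  "host": "ws-02"},
]
# Constructed login records and the countries this (hypothetical) organisation operates from.
LOGINS = [
    {"user": "alice", "country": "US"}, {"user": "bob", "country": "US"},
    {"user": "alice", "country": "BR"}, {"user": "carol", "country": "CA"},
    {"user": "dave", "country": "BR"},  {"user": "bob", "country": "NL"},
]
EXPECTED_COUNTRIES = {"US", "CA"}

def closed_by_classification(incidents: List[dict]) -> Dict[str, int]:
    """Incidents Closed by Classification: count per outcome label."""
    return dict(Counter(i["classification"] for i in incidents))

def detection_precision(incidents: List[dict]) -> float:
    """Share of closed incidents that were real threats. Benign positives are
    not counted as hits: the detection fired correctly, but the activity was authorised."""
    counts = closed_by_classification(incidents)
    total = sum(counts.values())
    return counts.get("true_positive", 0) / total if total else 0.0

def closure_reasons(incidents: List[dict], classification: str) -> Dict[str, int]:
    """Incidents Closed by Classification Reason, filtered to one classification
    (e.g. false positives, to see which reasons drive tuning work)."""
    return dict(Counter(i["reason"] for i in incidents if i["classification"] == classification))

def top_offenders(incidents: List[dict], key: str, n: int = 3) -> List[Tuple[str, int]]:
    """Top Offenders: users or hosts (key = 'user' or 'host') with the most incidents."""
    return Counter(i[key] for i in incidents).most_common(n)

def unexpected_login_countries(logins: List[dict], expected: set) -> Dict[str, int]:
    """User Login Activity by Country: login counts from countries outside the expected set."""
    return dict(Counter(l["country"] for l in logins if l["country"] not in expected))
```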

Utilization of Reports

Clients are encouraged to use these reports to:

  • Enhance Security Posture: By analyzing threat classifications and response actions.
  • Optimize Incident Response: By reviewing the time and severity of IDS and EDR alerts.
  • Target Training Efforts: By focusing on users and hosts that frequently trigger alerts.
  • Assess Geographic Anomalies: By scrutinizing login activity from different countries.

Conclusion

These metrics collectively offer a multi-faceted view of your organization's security health. For a deeper analysis or to address specific concerns raised by these reports, please contact our SOC team.