Learn about EDR, its key features, benefits, and functionalities.
Endpoint Detection and Response (EDR) is a cybersecurity software solution designed to monitor, detect, and respond to threats on endpoints (like computers, servers, and mobile devices). It provides real-time visibility into endpoint activity, enabling the identification and mitigation of malicious activities before they cause significant damage. EDR provides information about the following metrics:
Event Counts:
It displays the total number of security-related events or incidents that are detected and logged by security systems within a specific period. These events include a wide range of activities, such as: Alert, Virus Malware, Data Loss, WindowsDefenderAtp, etc.
Unique Destination/Endpoint:
It displays the number of incidents or events reported for unique destinations or endpoints.
Average Event Duration in Seconds:
Average event duration refers to the average length of time that a security-related event or incident lasts. This metric is typically measured in seconds and helps to understand the impact and severity of security events.
You can click on the More Info link available below each metric to get a drill-down view of the event status, severity, and details.
Event Type:
It displays the number of events based on category, such as alert, data loss prevention, virus or malware, infiltration, etc.
Event Status:
It displays the number of events based on the current state or progress of the event. It helps in tracking and managing the lifecycle of an event from detection to resolution. The event status is categorized as new, open, active, resolved, closed, etc.
Event Action:
It displays the number of event actions based on the specific response or measure taken in reaction to a security-related event or incident. The action is determined by the nature and severity of the event and is aimed at mitigating any potential threats or vulnerabilities. Event actions are categorized as detect, execution, initial access, defence evasion, etc.
EDR Data Source:
It displays the number of EDR data sources used by EDR systems to collect data from the various endpoints within a network. EDR data sources include MS Defender Cloud, Apex Central, XSIAM, etc.
Unique Endpoints by OS:
It displays the number of unique endpoints based on the operating systems, such as Microsoft Windows, Mac, Linux, etc.
Agent Status:
It displays the number of agents based on the current state or condition. Security agents are software components that monitor and protect devices by detecting and responding to threats. Agent status can be categorized as Active, Inactive, Connected, etc.
Event Severity:
It displays the number of events based on severity. Severity is categorized as follows:
Critical: Priority 5 (Highest)
High: Priority 4
Medium: Priority 3
Low: Priority 2
Informative: Priority 1 (Lowest)
Events Over Time:
Displays the number of events over a period in a line graph and tabular format.
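As an added illustration (not code from this page or from any EDR product), the following Python computes the metrics described above from a handful of constructed event records; the record field names, hostnames and timestamps are assumptions made for the example.

```python
from collections import Counter, defaultdict
from datetime import datetime
from statistics import mean

# Severity-to-priority mapping as listed on the page (5 = highest).
SEVERITY_PRIORITY = {"Critical": 5, "High": 4, "Medium": 3, "Low": 2, "Informative": 1}

# Constructed sample events: hostnames, timestamps and values are made up for
# illustration. "ended" is None while an event is still open.
SAMPLE_EVENTS = [
    {"type": "Alert", "status": "new", "action": "detect", "severity": "High",
     "source": "MS Defender Cloud", "endpoint": "WS-001", "os": "Microsoft Windows",
     "started": "2024-01-10T08:00:00", "ended": "2024-01-10T08:10:00"},
    {"type": "Virus Malware", "status": "resolved", "action": "execution",
     "severity": "Critical", "source": "Apex Central", "endpoint": "SRV-01", "os": "Linux",
     "started": "2024-01-10T09:00:00", "ended": "2024-01-10T09:30:00"},
    {"type": "Data Loss", "status": "open", "action": "initial access", "severity": "Medium",
     "source": "XSIAM", "endpoint": "WS-001", "os": "Microsoft Windows",
     "started": "2024-01-10T10:00:00", "ended": None},
    {"type": "Alert", "status": "closed", "action": "defence evasion", "severity": "Low",
     "source": "MS Defender Cloud", "endpoint": "MAC-07", "os": "Mac",
     "started": "2024-01-11T11:00:00", "ended": "2024-01-11T11:05:00"},
]


def summarize(events):
    """Compute the dashboard metrics described above from a list of event records."""
    ts = datetime.fromisoformat
    # Open events have no end time yet, so they are left out of the average duration.
    durations = [(ts(e["ended"]) - ts(e["started"])).total_seconds()
                 for e in events if e["ended"]]
    hosts_by_os = defaultdict(set)
    for e in events:
        hosts_by_os[e["os"]].add(e["endpoint"])  # one host with several events counts once
    count_by = lambda key: dict(Counter(e[key] for e in events))
    return {
        "event_count": len(events),
        "unique_endpoints": len({e["endpoint"] for e in events}),
        "avg_duration_s": mean(durations) if durations else 0.0,
        "by_type": count_by("type"),
        "by_status": count_by("status"),
        "by_action": count_by("action"),
        "by_source": count_by("source"),
        "unique_endpoints_by_os": {os_: len(h) for os_, h in hosts_by_os.items()},
        # All severity levels listed, highest priority first, even when the count is zero.
        "by_severity": {s: sum(e["severity"] == s for e in events)
                        for s in sorted(SEVERITY_PRIORITY, key=SEVERITY_PRIORITY.get, reverse=True)},
        "over_time": dict(Counter(e["started"][:10] for e in events)),  # events per day
    }
```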
For a metric, you can select the graphical or tabular format from the Toggle View Mode option. You can download the information available in the graphical or tabular format in CSV, PNG, and JPG formats by clicking on the Download Menu option available in the right corner of each section.