Reviews file source code prior to full execution and stops files from running if malicious code is detected.
Allows certain detection and autonomous operation capabilities even when endpoints are offline.
Detects and correlates alert information, including an attack's root cause, a risk assessment and a mapping to the MITRE ATT&CK framework.
Enables real-time, whole-infrastructure search for indicators of compromise (IOC), binaries and behaviors. Automated data mining facilitates the discovery of dormant threats.
Enables remote gathering of forensic information for an investigation, which helps support forensic analysis and reconstruction of an attacker’s activities.
Helps analysts identify potential threats with metadata-based analysis to expedite triage. Enables detection and prevalence analysis of alert artifacts to discover new binaries as soon as they execute.
Analyzes file behaviors for detecting imminent attacks and can stop malicious processes from executing.
Uses both heuristic and signature-based prevention.
Enables the creation of custom-built detection, response and remediation playbooks through automation.
Provides direct API access to the QRadar EDR engines, which is useful for automating workflows and integrating with external platforms.
Enables an AI-powered alert management system that handles alerts autonomously. It can learn an analyst's decision after seeing a given alert only once.
Uses near real-time, behavioral-based anomaly detection and response capabilities to help protect organizations from advanced malware attacks and threats.
Sizing guidance (per deployment tier; the original headers mark the node, CPU, memory and disk columns "x3"):

Endpoints / events      Node type (x3)             CPU cores (x3)   Memory (x3)   Local disk (x3)
1,000 / 45 million      Master/worker hybrid       8                24 GB         300 GB
3,000 / 95 million      Master/worker hybrid       12               48 GB         300 GB
5,000 / 150 million     Master/worker hybrid       24               64 GB         300 GB
10,000 / 300 million    Master                     4                16 GB         300 GB
                        Worker                     36               64 GB         300 GB
15,000 / 400 million    Master                     4                16 GB         300 GB
                        Worker                     38               64 GB         300 GB
Integrate QRadar EDR with IBM QRadar SIEM to enrich your SIEM logs with high-fidelity endpoint alerts without affecting your EPS count.
Integrate QRadar SOAR with QRadar EDR to escalate cases originating from users, endpoint devices and IT assets.