Endpoint Detection and Response

This is a licensed feature. Contact your Netskope sales representative to enable this on your tenant.
Next Generation API Data Protection will not support any third-party Endpoint Detection & Response (EDR). When you configure a severity-based remediation action for threat quarantine, there will be no option to select a remediation endpoint, and you cannot configure a remediation profile under Policies > Threat Protection. As an alternative, you can perform the same actions using Netskope Cloud Exchange. For more information, see:
Carbon Black Plugin for Threat Exchange
CrowdStrike Plugin for Threat Exchange

Certain applications allow admins to query and collect data, such as the clients installed on each individual system in your network. These applications can also protect against and mitigate threats by performing actions on your systems. They provide indicators of compromise (IOC) data and trigger remediation to protect integrated systems from being infected by attacks found by Netskope Threat Protection.

Endpoint Detection and Response (EDR) applications monitor endpoints for suspicious activity and provide visibility into malware and other cyber threats. Netskope supports Carbon Black and CrowdStrike for EDR integrations. A Standard Threat Protection license is required.

Upon detection, EDR alerts appear in the Netskope UI on the Skope IT pages.
