Comments on Windows Incident Response: EDR Obviates Compliance
Comment feed last updated 2024-03-19T07:46:20-05:00; 3 comments.

Jared Greenhill (https://www.blogger.com/profile/09183928416232849587), 2018-05-08T13:41:24-05:00:

EDR adds huge visibility at the endpoint, both in real time and through a historical view (depending on the tool). I've also seen it start to replace full forensic investigations, as many critical forensic artifacts can be either analyzed within the tool or retrieved and parsed offline. Examples include registry data at the system and user level (SYSTEM/SOFTWARE/NTUSER.DAT/USRCLASS.DAT), and NTFS and NTFS journaling artifacts ($MFT/$USN/$I30).

Recommendations:

Instrument EDR toolsets to save retrieved data using the EDR's API where available, as storage varies by EDR solution.

Ingest EDR alerts and detections into a SIEM solution for tracking, metrics, visibility, and alerting.

Consider deploying EDR widely as soon as possible.

Network visibility/full PCAP likely contains a lot of SSL you may not have visibility into. It's also hard to tell where you have any visibility; better safe than sorry.

H. Carvey (https://www.blogger.com/profile/08966595734678290320), 2018-05-08T19:16:50-05:00:

Great stuff, Jared, I appreciate the comment!

Technical Support (https://www.blogger.com/profile/00717304024109778908), 2018-06-30T07:21:54-05:00:

Nice blog, absolutely amazing for informative purposes. Windows provides different kinds of new features with its updated functions. So you need to keep up to date with Windows Update (http://www.technical-support-number.co.uk/windows-support.php).