Introduction

This type is installed as a software agent in network hosts. Agents export risky security behaviors from hosts and sends to central Ravin service to be analyzed and correlated with other network events. This service is categorized as Ravin host layer sensor

Benefits of using Ravin EDR

  • Ability to be used in different windows platforms
  • Using standard protocol for communication with security operation center as Ravin SIEM
  • Transparency and ease of use

Features

Tracking of kernel level activities
Tracking and recording events related to processes
Tracking and recording file system events
Windows registry events record and tracking
Services tracking and recording events
Collect system events and send to Ravin SIEM

 

Usage

Ravin EDR Usages

  • Identify high-risk and suspicious behaviors at the level of sensitive hosts such as the organization’s servers
  • Collect sensitive host-level events and send them to the Security Operations Center (Ravin SIEM)