Introduction
This type is installed as a software agent in network hosts. Agents export risky security behaviors from hosts and sends to central Ravin service to be analyzed and correlated with other network events. This service is categorized as Ravin host layer sensor
Benefits of using Ravin EDR
- Ability to be used in different windows platforms
- Using standard protocol for communication with security operation center as Ravin SIEM
- Transparency and ease of use
Features
Tracking of kernel level activities | |
Tracking and recording events related to processes | |
Tracking and recording file system events | |
Windows registry events record and tracking | |
Services tracking and recording events | |
Collect system events and send to Ravin SIEM | |
Usage
Ravin EDR Usages
- Identify high-risk and suspicious behaviors at the level of sensitive hosts such as the organization’s servers
- Collect sensitive host-level events and send them to the Security Operations Center (Ravin SIEM)