🎯 What is Bitdefender EDR?
Bitdefender EDR covers three stages on the endpoint:
- Detect: recognition of suspicious activity
- Investigate: analysis of the attack chain
- Respond: reaction to contain and remediate
1. EDR Telemetry
📊 Captured Events
- Process creation & termination
- File operations
- Registry changes
- Network connections
- PowerShell executions
- DLL loads
⏱️ Retention
- Standard: 30 days
- Extended: up to 90 days
- Incidents: unlimited
2. Investigation Workflow
1. Triage: assess severity, rule out false positives
2. Analysis: analyze the attack chain, find the root cause
3. Response: containment, remediation, recovery
3. Live Search Queries
🚨 Suspicious PowerShell
process_name:powershell.exe AND (command_line:*-enc* OR command_line:*downloadstring*)
🔐 Credential Access
process_name:mimikatz* OR file_path:*\\lsass*
🌐 Suspicious Network
network_connection:outbound AND (destination_port:4444 OR destination_port:1337)
4. Response Actions
🔒 Isolate Endpoint
Disconnects the endpoint from the network; only communication with the GravityZone (GZ) management console stays active
🗑️ Kill Process
Terminates suspicious process immediately
📥 Collect Evidence
Gather memory dump, event logs
🔄 Remote Shell
Secure remote command line
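The three Live Search queries in section 3 and the response actions above, tied together as an added worked example (illustrative Python written for this page, not Bitdefender or GravityZone code): a small evaluator for the page's query syntax is run over constructed telemetry records, and each hit is mapped to the response action an analyst would take first. Assumptions: field names mirror the queries, `*` is the only wildcard and matching is case-insensitive, AND binds tighter than OR, the page's `*\\lsass*` is read as an escaped single backslash, and the rule-to-action mapping is the editor's choice, not a Bitdefender default.

```python
import re

# Constructed sample telemetry (not real captures). Field names follow the
# page's queries; 'id' only identifies which record matched.
SAMPLE_EVENTS = [
    {"id": 1, "process_name": "powershell.exe",
     "command_line": "powershell.exe -NoP -W Hidden -EncodedCommand SQBFAFgAIAAo"},
    {"id": 2, "process_name": "powershell.exe",
     "command_line": r"powershell.exe -File C:\scripts\backup.ps1"},
    {"id": 3, "process_name": "mimikatz.exe",
     "command_line": 'mimikatz.exe "sekurlsa::logonpasswords"'},
    {"id": 4, "process_name": "procdump64.exe",
     "file_path": r"C:\Windows\Temp\lsass.dmp"},
    {"id": 5, "process_name": "chrome.exe",
     "network_connection": "outbound", "destination_port": 443},
    {"id": 6, "process_name": "svchost.exe",
     "network_connection": "outbound", "destination_port": 4444},
]

# The page's three queries. Its lsass pattern is shown as '*\\lsass*'; one
# backslash is used here on the assumption that '\\' escapes a single
# backslash. The action column is the editor's triage mapping (assumption).
RULES = [
    ("Suspicious PowerShell",
     "process_name:powershell.exe AND (command_line:*-enc* OR command_line:*downloadstring*)",
     "Kill Process, then Collect Evidence"),
    ("Credential Access",
     r"process_name:mimikatz* OR file_path:*\lsass*",
     "Isolate Endpoint, then Collect Evidence"),
    ("Suspicious Network",
     "network_connection:outbound AND (destination_port:4444 OR destination_port:1337)",
     "Isolate Endpoint"),
]

# Tokens: parentheses, the keywords AND / OR, or a field:value term.
TOKEN_RE = re.compile(r"\(|\)|\bAND\b|\bOR\b|[^\s()]+")


def wildcard_match(pattern, value):
    """'*' matches any run of characters; comparison is case-insensitive."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, str(value), re.IGNORECASE) is not None


def _field_test(token):
    field, sep, pattern = token.partition(":")
    if not sep:
        raise ValueError(f"expected field:value, got {token!r}")
    return lambda ev: field in ev and wildcard_match(pattern, ev[field])


class _Parser:
    """expr := and (OR and)*; and := atom (AND atom)*; atom := '(' expr ')' | field:value"""

    def __init__(self, query):
        self.tokens = TOKEN_RE.findall(query)
        self.pos = 0

    def _peek(self):
        return self.tokens[self.pos] if self.pos < len(self.tokens) else None

    def _next(self):
        tok = self._peek()
        self.pos += 1
        return tok

    def parse(self):
        node = self._or()
        if self._peek() is not None:
            raise ValueError(f"unexpected token {self._peek()!r}")
        return node

    def _or(self):
        left = self._and()
        while self._peek() == "OR":
            self._next()
            right = self._and()
            left = (lambda l, r: lambda ev: l(ev) or r(ev))(left, right)
        return left

    def _and(self):
        left = self._atom()
        while self._peek() == "AND":
            self._next()
            right = self._atom()
            left = (lambda l, r: lambda ev: l(ev) and r(ev))(left, right)
        return left

    def _atom(self):
        tok = self._next()
        if tok == "(":
            node = self._or()
            if self._next() != ")":
                raise ValueError("unbalanced parentheses")
            return node
        if tok is None or tok in ("AND", "OR", ")"):
            raise ValueError(f"expected field:value, got {tok!r}")
        return _field_test(tok)


def compile_query(query):
    """Turn a query string into a predicate over one event dict."""
    return _Parser(query).parse()


def triage(events, rules=RULES):
    """Run every rule over every event; one hit per (event, rule) pair."""
    compiled = [(name, compile_query(q), action) for name, q, action in rules]
    return [{"event": ev["id"], "rule": name, "action": action}
            for ev in events for name, pred, action in compiled if pred(ev)]


if __name__ == "__main__":
    for hit in triage(SAMPLE_EVENTS):
        print(f"event {hit['event']}: {hit['rule']} -> {hit['action']}")
```

Running it flags the encoded PowerShell launch, the mimikatz process, the lsass dump and the outbound connection to port 4444, and leaves the backup script and the HTTPS connection alone. Two caveats that belong in the triage step: `*-enc*` also matches harmless arguments such as `-Encoding`, so that rule needs a false-positive check before any Kill Process, and a port-based rule (4444, 1337) only catches attackers who keep default listener ports; treat both as starting points for investigation, not as automatic response triggers.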
🎯 Tavo-IT EDR Managed Service
24/7 EDR monitoring and incident response as a managed service.
Request Managed EDR →