EclecticIQ
EclecticIQ Endpoint Response

Stay ahead of the changing threat landscape with unrivaled real-time visibility, granular filtering of data captured to optimize data storage, and the most powerful response capabilities - all in a single lightweight agent.

EclecticIQ Endpoint Response offers the highest level of visibility into endpoint telemetry - by using the proven open-source telemetry tool osquery as a foundation and adding our own custom extensions on top, achieving in a single agent what would otherwise require multiple tools running in unison. The result? Accurate real-time identification, intelligence-led prioritization, in-depth forensics, and rapid remediation in a cost-effective package that ultimately provides unmatched value.

Why choose endpoint response?

  • Complete Visibility - Deep telemetry provides total understanding of the attack surface, and is correlated with third-party intelligence for faster identification and an end to alert overload.
  • Faster Remediation - Investigate in real-time and instantly respond using the same agent, with more remediation tools than any other osquery-based tool on the market.
  • Maximum Value - A single agent designed for integration means lower overhead and fewer vendors to manage while helping to avoid risky schedules and runaway budgets.

[Figure: EclecticIQ Endpoint Response architecture diagram]

Main Capabilities

  • Continuous Monitoring

    The optimized, single-agent architecture minimizes resource usage while providing unmatched visibility into file, process, user, registry, kernel, and network events for all endpoints, including historical telemetry for retrohunting.

  • Powerful Response Arsenal

    Perform actions manually or automate any function, from investigation to forensics to remediation. Deploy predefined or custom scripts, transfer/delete files, control/stop processes, set rule-based blocking and configure network settings on the endpoint.

  • Flexible & Extensible

    The fully documented REST API seamlessly integrates endpoint data and threat intelligence into existing dashboards and workflows, while the containerized microservice architecture easily scales in cloud environments.

Endpoint Agent Features

  • Extended Container Visibility

    Detect run-time threats inside containers rather than after-the-fact static analysis when it's too late.

  • Multi-Platform Support

    Data parity across Windows, Linux and macOS operating systems, as well as cloud environments.

  • Kernel-Level Visibility

    Kernel drivers provide enhanced system visibility unavailable to user-mode monitoring applications within Windows.

  • Privilege Escalation Protection

    By monitoring the data sent between pipes, Endpoint Response shuts the door on privilege escalation via named-pipe impersonation.

  • Deep Forensic Visibility

    Access to historical, real-time, and in-memory forensic artifacts using fine-grained control of telemetry capture for custom filtered collection.

  • Disk Indexing

    Finds files across endpoints based on name, hash, size or any other attributes for enhanced visibility during incident and forensic analysis.

  • Intelligence-Led Threat Detection

    Intelligence-led detection engine with anti-malware integration, automatic import of IOCs and YARA rules, and mapping to the MITRE ATT&CK framework.

  • Pre-Built Query Packs

    Provides a list of SQL queries recommended for the situation at hand, including incident response, vulnerability management, help desk operations, compliance, and container support.

  • Sovereign Cloud Support

    Scale to 100k endpoints per instance leveraging the containerized, micro-services architecture within your own sovereign cloud environment.

Endpoint Controller and Web Console Features

  • Fleet Management

    Enterprise-level endpoint management and configuration capabilities.

  • Telemetry Caching and Forwarding

    Configurable for optimized local or cloud storage of telemetry data to prevent duplication.

  • Alert Management and Investigations

    Reduced time for incident triage with access to contextual telemetry enrichment.

  • Multiple Detection Capabilities

    Support for standard detection formats including commercial threat feeds, YARA, osquery Rules, and atomic Indicators (IOCs).

  • Enterprise Hunting and Response

    Hunt for knowns and unknowns through predefined and customizable queries, including those from the EclecticIQ Endpoint Response Community Exchange.

  • MITRE ATT&CK Technique Mapping

    Detection engine aligned with the MITRE ATT&CK matrix for rapid response to varied attack techniques.

  • Cloud and On-premises Deployment

    Flexible deployment options available to support Docker, Virtual Machines, and Cloud environments.

  • Advanced Cloud Enabled Architecture

    EclecticIQ microservices architecture allows for horizontal scaling within cloud architectures. All the value of a SaaS solution without the loss of control SaaS solutions introduce.

Threat Intelligence Packs Features

  • Managed Detection Content

    Seamlessly manage and collaborate on detection content through the open and shareable osquery Pack format.

  • EclecticIQ Endpoint Response Community Exchange

    Large, community-sourced detection library for immediate identification of known malicious and suspicious behavior across the enterprise.

Integrations and API/SDK Features (integration into existing SOC technologies)

  • SIEM Integration

    Use pre-built apps for popular SIEMs or create purpose-built, extensible solutions to forward alerts and telemetry data to leading providers.

  • Intelligence Feeds

    Connect with commonly used commercial intelligence feeds to expand rapid and impactful use of CTI.

  • API for Playbook Creation and SOAR Integration

    Extend capabilities beyond Endpoint Response with a feature-rich API and documented SDK.

Learn more

Let our experts show you how to put Intelligence at the core™ of your cyberdefenses.

© 2014 – 2023 EclecticIQ B.V.
EclecticIQ. Intelligence, Hunting, Response.