EclecticIQ
EclecticIQ Endpoint Response

Deep endpoint telemetry enables detection, response, and eradication of threats in support of security operations, incident response, and compliance.

EclecticIQ Endpoint Response is the most performant and cost-effective Incident Response (IR) weapon on the market. Preloaded, custom and community-driven detection rules aligned with the MITRE ATT&CK framework, together with native YARA rules and IOC matching, are fed by comprehensive data from all endpoints for accurate out-of-the-box threat reporting. The open and extensible API allows easy integration with your existing security stack and workflow.

Why choose endpoint response?

  • Single, lightweight agent provides real-time investigation and response capability, imposes low resource overhead, and is available for Windows, macOS, and Linux
  • Access to historical forensic endpoint telemetry enables incident responders to investigate pre-deployment activity
  • Integrates into your existing security stack utilizing comprehensive API

EclecticIQ Endpoint Response Architecture

Main Capabilities

  • Comprehensive, low-impact monitoring of Windows, macOS, and Linux endpoints

    The EclecticIQ Endpoint Response osquery-based agent and Windows Extension provide visibility into file, process, user, registry, and network events for all server and workstation endpoints.

  • Unparalleled breadth of response capabilities allows for quick isolation, investigation, and remediation

    Deploy predefined or custom remediation scripts, stop processes on the endpoint, and control network settings for the endpoint leveraging the single investigation & response agent.

  • Minimize disruption in your workflow and increase analyst adoption

    No new console required. Use our comprehensive REST API to easily integrate into your existing toolchain. Implement custom functionality for your use cases. Everything you need to identify, investigate, and remediate IOCs is available through the EclecticIQ Endpoint Response API.

Endpoint Agent Features

  • Low Footprint

    Optimized single-agent architecture using targeted collection to minimize resource usage.

  • Anti-virus Integration and Management

    Seamless integration and management of Windows Defender AV and the Microsoft Antimalware Scan Interface (AMSI).

  • Multi-operating System Support

    Support for Windows, Linux and macOS desktops, servers and cloud workloads.

  • SQL-based Live and Scheduled Queries

    Simplify endpoint investigations with easy-to-use SQL-based live and scheduled queries.

  • Deep Forensic Visibility

    Access to historical and in-memory forensic artifacts and unmatched breadth of telemetry, with fine-grained control for targeted collection.

  • Live Terminal

    Reduce time to response and remediation with direct access to a live terminal on the endpoint.

  • Threat Detection and Compliance Engine

    Multi-variate detection engine combining anti-malware integration, detection rules, MITRE ATT&CK mapping, IOC matching and YARA.

  • Application Control and Blocking

    Rule-based pre-emptive threat prevention and application control.

  • Advanced Response

    Pre-built and customizable response actions that work even during an active attack.

Endpoint Controller and Web Console Features

  • Fleet Management

    Enterprise-level endpoint management and configuration capabilities.

  • Telemetry Caching and Forwarding

    Configurable for optimized local or cloud storage of telemetry data to prevent duplication.

  • Alert Management and Investigations

    Reduced time for incident triage with access to contextual telemetry enrichment.

  • Multiple Detection Capabilities

    Support for standard detection formats including commercial threat feeds, YARA, osquery Rules, and atomic Indicators (IOCs).

  • Enterprise Hunting and Response

    Hunt for knowns and unknowns through predefined and customizable Live and Saved Queries.

  • MITRE ATT&CK Technique Mapping

    Detection engine aligned with the MITRE ATT&CK matrix for rapid response to varied attack techniques.

  • Cloud and On-premises Deployment

    Flexible deployment options available to support Docker, Virtual Machines, and Cloud environments.

Threat Intelligence Packs Features

  • Managed Detection Content

    Seamlessly manage and collaborate on detection content through the open and shareable osquery Pack format.

  • Out-of-the-box Pack Library

    Large detection library for immediate identification of known malicious and suspicious behavior across the enterprise.

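The SQL-based live and scheduled queries, the saved-query hunting and the osquery pack format mentioned above all rest on the same idea: osquery exposes endpoint state as SQLite-dialect tables, so a detection pack is JSON wrapping plain SQL. The following is an added, self-contained example and is not EclecticIQ's code or detection content: it defines a hypothetical two-query hunting pack in the public osquery pack JSON layout and runs it against an in-memory SQLite copy of two osquery tables (`processes` and `process_open_sockets`) loaded with constructed rows. The column names follow osquery's documented schema; the pack name, query names, intervals, paths and sample telemetry are assumptions made for illustration.

```python
"""Run an osquery-style hunting pack against constructed endpoint telemetry.

Added example (not EclecticIQ code). osquery tables are SQLite-dialect, so a
scheduled pack is JSON wrapping SQL; here two osquery tables are mimicked in
an in-memory SQLite database so the hunting logic can be tried offline.
"""
import json
import sqlite3

# Hypothetical pack in the open osquery pack format: one scheduled query per
# hunting question, with the interval in seconds and the target platform.
HUNT_PACK = json.loads(r"""
{
  "platform": "linux",
  "queries": {
    "deleted_binary_with_network": {
      "query": "SELECT p.pid, p.name, p.path, s.remote_address, s.remote_port FROM processes p JOIN process_open_sockets s USING (pid) WHERE p.on_disk = 0 AND s.remote_address NOT IN ('', '0.0.0.0', '127.0.0.1', '::', '::1') AND s.remote_port != 0;",
      "interval": 600,
      "description": "Running process whose executable was deleted from disk and that holds a remote socket: a common in-memory implant pattern."
    },
    "shell_spawned_by_webserver": {
      "query": "SELECT c.pid, c.name, c.cmdline, p.name AS parent_name FROM processes c JOIN processes p ON c.parent = p.pid WHERE p.name IN ('nginx', 'apache2', 'httpd') AND c.name IN ('sh', 'bash', 'dash');",
      "interval": 300,
      "description": "Web server process that spawned a shell (web shell / RCE indicator)."
    }
  }
}
""")

# Constructed rows mirroring a subset of osquery's `processes` and
# `process_open_sockets` columns. on_disk = 0 means the binary was deleted.
PROCESSES = [
    # pid, name, path, cmdline, parent, on_disk
    (1,    "systemd",  "/usr/lib/systemd/systemd", "/sbin/init",           0,   1),
    (842,  "nginx",    "/usr/sbin/nginx",          "nginx: master process", 1,   1),
    (843,  "nginx",    "/usr/sbin/nginx",          "nginx: worker process", 842, 1),
    (2001, "sh",       "/usr/bin/dash",            "sh -c id",              843, 1),  # web shell
    (3100, "kworkerd", "/tmp/.x/kworkerd",         "./kworkerd",            1,   0),  # deleted binary
    (3200, "sshd",     "/usr/sbin/sshd",           "sshd: alice [priv]",    1,   1),
]
SOCKETS = [
    # pid, fd, local_address, local_port, remote_address, remote_port, protocol
    (842,  6, "0.0.0.0",   80,    "0.0.0.0",       0,     6),  # plain listener
    (3100, 4, "10.0.0.12", 44321, "203.0.113.77",  443,   6),  # beacon from deleted binary
    (3200, 3, "10.0.0.12", 22,    "10.0.0.5",      52210, 6),  # legitimate ssh session
]


def build_db() -> sqlite3.Connection:
    """Create the two mock osquery tables and load the constructed rows."""
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE processes (pid INTEGER, name TEXT, path TEXT, cmdline TEXT,
                                parent INTEGER, on_disk INTEGER);
        CREATE TABLE process_open_sockets (pid INTEGER, fd INTEGER, local_address TEXT,
                                          local_port INTEGER, remote_address TEXT,
                                          remote_port INTEGER, protocol INTEGER);
    """)
    con.executemany("INSERT INTO processes VALUES (?,?,?,?,?,?)", PROCESSES)
    con.executemany("INSERT INTO process_open_sockets VALUES (?,?,?,?,?,?,?)", SOCKETS)
    return con


def validate_pack(pack: dict) -> None:
    """Reject packs whose queries are not read-only SELECTs or lack a sane interval.

    Pack content is shared and edited by many hands, so check it before
    scheduling it fleet-wide.
    """
    for name, q in pack["queries"].items():
        if not q.get("query", "").strip().lower().startswith("select"):
            raise ValueError(f"{name}: pack queries must be read-only SELECT statements")
        if int(q.get("interval", 0)) <= 0:
            raise ValueError(f"{name}: interval must be a positive number of seconds")


def run_pack(pack: dict, con: sqlite3.Connection) -> dict[str, list[dict]]:
    """Execute every query in the pack; return matching rows keyed by query name."""
    validate_pack(pack)
    con.row_factory = sqlite3.Row
    return {name: [dict(r) for r in con.execute(q["query"])]
            for name, q in pack["queries"].items()}


if __name__ == "__main__":
    for name, rows in run_pack(HUNT_PACK, build_db()).items():
        print(f"[{name}] {len(rows)} hit(s)")
        for row in rows:
            print("   ", row)
```

Against the constructed data each query yields exactly one hit: the `kworkerd` process (deleted binary, TCP session to 203.0.113.77:443) and the `sh` child of the nginx worker; the sshd session and the nginx listener are filtered out. The same SQL runs unchanged under osqueryi on a real host, and the `validate_pack` step is the check worth keeping in front of any pipeline that accepts shared pack content.
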
Integrations and API/SDK Features (integration into existing SOC technologies)

  • SIEM Integration

    Forward alerts and telemetry data to industry-leading SIEM providers.

  • Intelligence Feeds

    Connect with commonly used commercial intelligence feeds to expand rapid and impactful use of CTI.

  • API for Playbook Creation and SOAR Integration

    Extend capabilities beyond Endpoint Response with a feature-rich API and documented SDK.

Learn more

Let our experts show you how to put Intelligence at the core™ of your cyberdefenses.

© 2014 – 2021 EclecticIQ B.V.
EclecticIQ. Intelligence, Hunting, Response.