EclecticIQ Endpoint Response
Deep endpoint telemetry enables detection, response, and eradication of threats in support of security operations, incident response, and compliance.
EclecticIQ Endpoint Response is positioned as the most performant and cost-effective Incident Response (IR) weapon on the market. Preloaded, custom and community-driven detection rules aligned with the MITRE ATT&CK framework, together with native YARA rules and IOC matching, are fed by comprehensive data from all endpoints for accurate out-of-the-box threat reporting. The open and extensible API allows for easy integration with your existing security stack and workflow.
Why choose endpoint response?
Main Capabilities
-
Comprehensive, low-impact monitoring of Windows, macOS, and Linux endpoints
The EclecticIQ Endpoint Response osquery-based agent and its Windows Extension provide visibility into file, process, user, registry, and network events for all server and workstation endpoints.
-
Unparalleled breadth of response capabilities allows for quick isolation, investigation, and remediation
Deploy predefined or custom remediation scripts, stop processes on the endpoint, and control network settings for the endpoint, all through the single investigation and response agent.
-
Minimize disruption in your workflow and increase analyst adoption
No new console required. Use our comprehensive REST API to easily integrate into your existing toolchain. Implement custom functionality for your use cases. Everything you need to identify, investigate, and remediate IOCs is available through the EclecticIQ Endpoint Response API.
Endpoint Agent Features
-
Low Footprint
Optimized single-agent architecture using targeted collection to minimize resource usage.
-
Anti-virus Integration and Management
Seamless integration and management of Windows Defender AV and Microsoft Anti-Malware Scanning Interface (AMSI).
-
Multi-operating System Support
Support for Windows, Linux and macOS desktops, servers and cloud workloads.
-
SQL-based Live and Scheduled Queries
Simplify endpoint investigations with easy-to-use SQL-based live and scheduled queries.
-
Deep Forensic Visibility
Access to historical and in-memory forensic artifacts and unmatched breadth of telemetry, with fine-grained control for targeted collection.
-
Live Terminal
Reduce time to response and remediation with direct access to the endpoint live terminal.
-
Threat Detection and Compliance Engine
Multi-variate detection engine that combines anti-malware integration, detection rules, MITRE ATT&CK mapping, IOC matching and YARA scanning.
-
Application Control and Blocking
Rule-based pre-emptive threat prevention and application control.
-
Advanced Response
Pre-built and customizable response actions that work even during an active attack.
Endpoint Controller and Web Console Features
-
Fleet Management
Enterprise-level endpoint management and configuration capabilities.
-
Telemetry Caching and Forwarding
Configurable for optimized local or cloud storage of telemetry data to prevent duplication.
-
Alert Management and Investigations
Reduced time for incident triage with access to contextual telemetry enrichment.
-
Multiple Detection Capabilities
Support for standard detection formats including commercial threat feeds, YARA, osquery Rules, and atomic Indicators (IOCs).
-
Enterprise Hunting and Response
Hunt for knowns and unknowns through predefined and customizable Live and Saved Queries.
-
MITRE ATT&CK Technique Mapping
Detection engine aligned with the MITRE ATT&CK matrix for rapid response to varied attack techniques.
-
Cloud and On-premises Deployment
Flexible deployment options available to support Docker, Virtual Machines, and Cloud environments.
Threat Intelligence Packs Features
-
Managed Detection Content
Seamlessly manage and collaborate on detection content through the open and shareable osquery Pack format.
-
Out-of-the-box Pack Library
Large detection library for immediate identification of known malicious and suspicious behavior across the enterprise.
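The page refers to SQL-based live and scheduled queries and to detection content shared in the osquery Pack format. The following is an added example of what such a pack looks like; it is not content from EclecticIQ Endpoint Response or from its pack library. Each entry is a scheduled osquery SQL query with its interval in seconds and the MITRE ATT&CK technique it targets noted in its description. The query names, the allowlisted ports, the directory patterns and the YARA signature path are assumptions chosen for illustration and should be replaced with values from your own baseline.

```json
{
  "description": "Added illustration of the osquery pack format, not an EclecticIQ-supplied pack. 'interval' is in seconds. Results are differential (only rows that appeared or disappeared since the previous run are logged) unless 'snapshot' is true.",
  "queries": {
    "cron_jobs_fetching_or_running_from_tmp": {
      "query": "SELECT path, event, command FROM crontab WHERE command LIKE '%curl %' OR command LIKE '%wget %' OR command LIKE '%/tmp/%' OR command LIKE '%/dev/shm/%';",
      "interval": 3600,
      "platform": "posix",
      "description": "Persistence via cron entries that download content or execute from temp directories (ATT&CK T1053.003, Scheduled Task/Job: Cron). Differential, so each new or changed entry is logged once."
    },
    "processes_running_from_temp_dirs": {
      "query": "SELECT pid, name, path, cmdline, parent, uid FROM processes WHERE path LIKE '/tmp/%' OR path LIKE '/var/tmp/%' OR path LIKE '/dev/shm/%';",
      "interval": 60,
      "platform": "posix",
      "description": "Executables launched from world-writable locations, a common second-stage payload pattern (ATT&CK T1204 User Execution, T1059 Command and Scripting Interpreter). Polled once a minute; where process event auditing is enabled, query process_events instead so short-lived processes are not missed."
    },
    "office_app_spawning_interpreter": {
      "query": "SELECT p.pid, p.name, p.path, p.cmdline, pp.pid AS parent_pid, pp.name AS parent_name FROM processes p JOIN processes pp ON p.parent = pp.pid WHERE LOWER(pp.name) IN ('winword.exe','excel.exe','powerpnt.exe','outlook.exe') AND LOWER(p.name) IN ('cmd.exe','powershell.exe','wscript.exe','cscript.exe','mshta.exe','rundll32.exe');",
      "interval": 30,
      "platform": "windows",
      "description": "An Office application spawning a scripting host or LOLBin, the classic macro-phishing chain (ATT&CK T1566.001 Spearphishing Attachment leading to T1059). IN is case-sensitive in SQLite, hence LOWER()."
    },
    "unexpected_external_listeners": {
      "query": "SELECT lp.port, lp.protocol, lp.address, p.pid, p.name, p.path FROM listening_ports lp JOIN processes p ON lp.pid = p.pid WHERE lp.address NOT IN ('127.0.0.1', '::1') AND lp.port NOT IN (22, 80, 443) AND lp.port != 0;",
      "interval": 300,
      "platform": "posix",
      "description": "New non-loopback listeners outside the expected port set (ATT&CK T1571 Non-Standard Port). The port allowlist here is an assumption for the example; derive yours from a baseline of the fleet."
    },
    "yara_scan_downloads": {
      "query": "SELECT path, matches, count FROM yara WHERE pattern = '/home/%/Downloads/%%' AND sigfile = '/etc/osquery/yara/example_rules.yar';",
      "interval": 1800,
      "platform": "linux",
      "snapshot": true,
      "description": "File-based YARA scan through the osquery yara table; '%' matches one path component and '%%' recurses. The sigfile path is an assumption and must point to a rule file present on the endpoint. snapshot=true re-reports every match on each run rather than only changes."
    }
  }
}
```

The pack is referenced from the main osquery configuration under its "packs" key (for example "packs": {"example_detections": "/etc/osquery/packs/example_detections.conf"}), and every query should first be run interactively in osqueryi on a representative host to check its output and cost before it is scheduled: LIKE filters over the full processes table are a table scan on every interval, so intervals of well under a minute on busy servers should be justified by the detection's value.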
Integrations and API/SDK Features (integration into existing SOC technologies)
-
SIEM Integration
Forward alerts and telemetry data to industry leading SIEM providers.
-
Intelligence Feeds
Connect with commonly used commercial intelligence feeds to expand rapid and impactful use of CTI.
-
API for Playbook Creation and SOAR Integration
Extend capabilities beyond Endpoint Response with feature rich API and documented SDK.
Related Packages
-
EclecticIQ Endpoint Response for Incident Responders
Turbocharge your IR practice with a cost-friendly offering that includes generous initial rollout allowances, rapid deployment and assessment capabilities, and built-in response capabilities to minimize time to remediation.
-
EclecticIQ Endpoint Response for MSSPs
EclecticIQ helps MSSPs succeed with a single lightweight agent that provides both extensive multi-OS data collection and analysis as well as comprehensive response capabilities – all with lower CapEx and OpEx outlays than traditional EDR tools.