EDR Remediation Connector

The EDR Remediation Connector in Seqrite XDR is a type of Response Connector that enables automated or manual remediation actions on endpoints directly from XDR playbooks. It allows security teams to quickly contain and neutralize threats by executing functions such as host isolation, process termination, file quarantine, and registry deletion.

What does it do?

Automates Response: Executes predefined remediation steps when an incident is detected.

Manual Control: Security analysts can trigger remediation actions directly from the XDR console.

Endpoint-Level Actions: Focuses on controlling and securing compromised endpoints.

Key Functions of EDR Remediation Connector

| Function | Purpose |
| --- | --- |
| Host Reboot | Restart a compromised endpoint to clear malicious processes. |
| Host Isolation | Disconnect the endpoint from the network to prevent lateral movement. |
| Host Reconnection | Restore connectivity once the threat is neutralized. |
| Process Kill | Terminate malicious or suspicious processes running on the endpoint. |
| File Quarantine | Move infected files into quarantine to prevent execution. |
| Registry Delete | Remove malicious registry entries that enable persistence. |

These actions can be orchestrated through playbooks in Seqrite XDR, ensuring consistent and rapid incident response.
