Extended Detection and Response (XDR)

In solution-based licensing, this functionality is part of the Security and RMM protection pack and the Ultimate protection pack.

In service-based licensing, this functionality is part of the Endpoint Detection and Response offering item, which in turn is part of the Cyber Protection service.

You must enable the Endpoint Detection and Response (EDR) functionality in a protection plan for XDR to work.

XDR is a protection layer on top of EDR that adds enrichment and response capabilities through connected integrations. XDR works exclusively with EDR incidents. It does not ingest data from third-party sources independently.

When XDR integrations are active, the Incident Graph extends to include external nodes sourced from those integrations, such as identity, email, and firewall data. You can then respond to incidents with actions specific to each integration, such as blocking email senders, suspending user accounts, or blocking firewall traffic.

XDR is compatible with workstations, servers, virtual machines, and web hosting servers.