Solution overview
Products that make up PT XDR
Unique advantages of PT XDR

Solution overview

PT XDR is designed to manage telemetry collection, detect advanced attacks, investigate incidents, and promptly respond to threats. PT XDR collects and enriches data from workstations and servers, allows you to perform static and dynamic threat analysis both on devices and in external systems, identifies complex targeted attacks in the IT infrastructure, and allows you to respond to those attacks both manually and automatically.

  • Unite

    Combines events and context from a variety of information security systems; verifies developments and confirms the fact of the attack.

  • React

    To detect threats in manual or automatic mode, including offline.

  • Automate

    PT XDR helps to reduce the resource requirements of the SOC team by automating routine processes of responding to typical IS threats.

Products that make up PT XDR

02

The complete solution includes 4 products: PT EDR, MaxPatrol SIEM, MaxPatrol VM, PT Sandbox.

1. PT EDR
Responds to detected threats and is an important information provider for SIEM systems, as it enriches events with useful context. The response can occur both manually and automatically, depending on the policy.

2. MaxPatrol SIEM
Convenient and operational configuration management of advanced monitoring tools through a common interface. Event collection is organized centrally, through the PT XDR agent servers.

3. MaxPatrol VM
Local scanning of devices according to a schedule. Collects information to calculate vulnerabilities from devices, including those not connected to the corporate network. Scans in manual mode or by trigger.

4. PT Sandbox
The sandbox allows you to significantly increase the probability of detecting complex malware. The files subject to additional verification are transferred from the agent to the agent server, and then to PT Sandbox for detailed static and behavioral analysis.

03

Unique advantages of PT XDR

  • Deep configuration of detection and response

    PT XDR provides granular customization: you can manage the list of installed modules by adjusting the balance between the depth of detection and the load on the device. Response actions can be set separately for each PT XDR event.

  • Extensibility of functionality

    PT XDR offers the possibility of using custom correlation and YARA rules, as well as data streams from third-party providers when integrating with PT Feeds. The functionality of PT XDR can be expanded with the help of customizable modules for solving any tasks.

  • Integration potential

    PT XDR provides almost unlimited possibilities for integration, including with third-party solutions. Integration is carried out by creating integration modules verified by Positive Technologies or its partners.

Get in touch

Fill in the form and our specialists
will contact you shortly