Unite
Combines events and context from a variety of information security systems; verifies developments and confirms that an attack has taken place.
React
To detect threats in manual or automatic mode, including offline.
Automate
PT XDR helps to reduce the resource requirements of the SOC team by automating routine processes of responding to typical IS threats.
Products that make up PT XDR
The complete solution includes 4 products: PT EDR, MaxPatrol SIEM, MaxPatrol VM, PT Sandbox.
1. PT EDR
Responds to detected threats and is an important information provider for SIEM systems, as it enriches events with useful context. The response can occur both manually and automatically, depending on the policy.
2. MaxPatrol SIEM
Convenient and operational configuration management of advanced monitoring tools through a common interface. Event collection is organized centrally, through the PT XDR agent servers.
3. MaxPatrol VM
Local scanning of devices according to a schedule. Collects information to calculate vulnerabilities from devices, including those not connected to the corporate network. Scans in manual mode or by trigger.
4. PT Sandbox
The sandbox allows you to significantly increase the probability of detecting complex malware. The files subject to additional verification are transferred from the agent to the agent server, and then to PT Sandbox for detailed static and behavioral analysis.
Unique advantages of PT XDR
Deep configuration of detection and response
PT XDR provides granular customization: you can manage the list of installed modules by adjusting the balance between the depth of detection and the load on the device. Response actions can be set separately for each PT XDR event.
Extensibility of functionality
PT XDR offers the possibility of using custom correlation and YARA rules, as well as data streams from third-party providers when integrating with PT Feeds. The functionality of PT XDR can be expanded with the help of customizable modules for solving any tasks.
Integration potential
PT XDR provides almost unlimited possibilities for integration, including with third-party solutions. Integration is carried out by creating integration modules verified by Positive Technologies or its partners.