Configure Endpoint Detection and Response

For supported software information, click here.

Endpoint detection and response (EDR) is a cybersecurity technology that monitors and responds to threats coming from endpoint devices such as laptops, mobile phones, and internet-of-things (IoT) devices. EDR primarily detects advanced threats that can evade front-line defenses and successfully enter the network environment. By collecting and aggregating data from endpoints and other sources, EDR can identify suspicious behavior and alert administrators to eliminate the threat before it can spread.

Concerto integrates with the following EDR vendors:

• CrowdStrike
• Microsoft Defender

To configure EDR on Concerto:

1. From the Tenant home page, click Configure in the left menu bar.
2. Select Security Service Edge > Partner Integration > Endpoint Detection & Response.
   
   Note that for Releases 12.1.1 and earlier, the Partner Integration Profile folder is located at Configure > Security Service Edge > Settings.
   
   
   
   The following screen displays with the CrowdStrike tab selected by default.
   
   
3. Enter information for the following fields.
    

   Field	Description
   Enabled	Click the slider to enable the EDR vendor.
   Tenant ID	Enter the tenant ID that was generated by the EDR vendor.
   Client ID	Enter the client ID that was generated by the EDR vendor.
   Client Secret	Enter the client secret that was generated by the EDR vendor.
   Cloud Region	(For CrowdStrike only.) Enter the region of the CrowdStrike instance.
   Poll Interval	Enter the time, in minutes, between polling actions. Range: 10 through 1440 seconds Default: None

4. Click Save.
5. Click the Microsoft Defender tab to configure Microsoft Defender, if needed. The fields are the same as those for CrowdStike, except for the Cloud Region field, which is only available for CrowdStrike.