- At this point, your end users should already have installed the sensor/agent/installer on their computer/PC/laptop, and it should be running successfully. If they haven't, this article might have a step-by-step guide on how to self-install the sensor/agent/installer package on their computer/PC/laptop.
- The Endpoint Protection with EDR and Threat Intelligence powered by CrowdStrike will automatically facilitate remediation of and response to any threats detected in your environment.
The Endpoint Protection with EDR and Threat Intelligence powered by CrowdStrike uses its endpoint sensor/agent/installer to detect ransomware/malware behaviors and then terminates the offending process before it can accomplish its goal of encrypting files.
This is done using CrowdStrike Indicator of Attack (IoA) patterns on the endpoint. These work both online and offline and are effective against new variants and polymorphic variants of ransomware that often bypass legacy antivirus.
The Detection by Tactic report shows in detail the most frequently detected activities and the tactics, techniques, and procedures (TTPs) that are identified as malicious and produce an alarm. This report delivers contextualized information that includes attribution where relevant, providing details on the adversary and any other information known about the attack.
The report is also available in other views in your dashboard:
Tactics are the general, beginning-to-end strategies that threat actors use to gain access to valuable systems and information. In other words, this is the “how” of cyber attacks.
The Detection by Tactics report shows in detail the most frequently detected activities and the tactics, techniques, and procedures (TTPs) that are identified as malicious and produce an alarm, presented in a graph view, categorized by tactic, and filtered to the last 7 days.
Activity > Detection by Tactics.