Welcome to Endpoint Detection and Response Help

Proactively detect, investigate, and respond to advanced threats across your endpoints with a single, unified Qualys agent.

What is EDR

Qualys Endpoint Detection and Response (EDR) is a cloud‑based security solution that continuously monitors endpoint activity to detect malicious behavior, investigate security incidents, and respond to threats in real time.
EDR captures detailed system events across endpoints to identify indicators of compromise (IoCs), confirm the presence of known and unknown malware, and support rapid investigation and remediation actions.

Built on the Qualys Cloud Platform, EDR uses the same single Qualys Cloud Agent already deployed for asset management, vulnerability assessment, and patching—eliminating the need for separate endpoint agents and consoles.

How does EDR work

Key Features of EDR

Real‑Time Endpoint Activity Monitoring

Continuously capture endpoint telemetry (processes, files, network connections) to detect suspicious activity and advanced threats.

Investigation & Threat Hunting

Hunt across your environment and investigate incidents using Qualys Query Language (QQL) and rich event context.

Automated Response & Remediation

Contain and remediate threats by blocking files and stopping processes directly from the console.

Multi‑Vector EDR + Malware Protection

Benefit from integrated antimalware capabilities to deliver prevention, detection, and response with one agent and one console.

Encrypted File Recovery

Restore files quickly after ransomware attacks using automatic backup and recovery of encrypted data.

EDR Journey: From Deploying Agent to Remediation

Deploy and Activate Agents

Install and activate the Qualys Cloud Agent for EDR to begin collecting endpoint telemetry.

Monitor and Detect Activity

Continuously collect real‑time endpoint data and detect suspicious behavior and threats.

Investigate and Hunt

Search and analyze events, hunt for indicators of compromise, and understand attacker behavior.

Respond and Remediate

Contain incidents, remediate malicious activity, and reduce attacker dwell time with automated and manual response actions.

How do I get started with EDR

Prerequisites

Install the Qualys Cloud Agent on supported endpoints and enable EDR in the agent configuration profile.

Roles and Permissions

Configure user roles and permissions to control access to EDR investigations and response actions.

Dashboards and Reporting

Use interactive dashboards and widgets to visualize incidents, trends, and endpoint risk across your environment.

EDR APIs

Get started with EDR APIs to automate threat investigation, response, and integrations.
