Getting started with Symantec Endpoint Detection and Response

The following table lists the steps that help you get started with Symantec Endpoint Detection and Response (EDR).
Getting started with Symantec EDR
| Step | Action | Description |
| --- | --- | --- |
| Step 1 | Review the EDR overview documentation | |
| Step 2 | Configure EDR | Apply the Endpoint Detection and Response policy and configure Endpoint Activity Recorder to record and search events on the endpoints. See: |
| Step 3 | Investigate for threats | View the system-generated widgets and KPIs, or create your own search queries to filter events for further analysis. See: |
| Step 4 | Analyze events | Drill down into the events to find the depth of the compromise or the potential attack methods adopted to invade your network. You can analyze the event better with the following processes: For more information, see: |
| Step 5 | Respond to threats or malicious events | Choose an appropriate response for the malicious event from the following list: |