Getting started with Symantec Endpoint Detection and Response

The following table lists the steps that help you to get started with Symantec Endpoint Detection and Response (EDR).
Getting started with Symantec EDR

| Step | Action | Description |
|------|--------|-------------|
| Step 1 | Subscribe to EDR | Sign on to your Symantec Security Cloud account and subscribe to the Symantec EDR service from the Symantec Endpoint Protection Console. See Getting Started with Symantec Endpoint Security. |
| Step 2 | Configure EDR | Apply the Endpoint Detection and Response policy and configure Endpoint Activity Recorder to record and search events on the endpoints. |
| Step 3 | Investigate for threats | View the system-generated widgets and KPIs or create your own search queries to filter events for further analysis. |
| Step 4 | Analyze events | Drill down into the events to find the depth of the compromise or potential attack methods adopted to invade your network. You can analyze the event better with the following processes: |
| Step 5 | Respond to threats or malicious events | Choose an appropriate response for the malicious event from the following list: |