We’ve been having an internal discussion in Slack about which EDR (Endpoint Detection & Response) tools are used the most and which are recommended to others getting into the EDR space.
So, which EDR do you use or recommend?
Do you use more than 1 EDR in your environment/organization? If so, why?
If you don’t use EDR, do you use any open-source tools for anomaly detection or threat hunting? If so, which ones?
I personally think a blend of tools/sources is ideal, but I’m curious what the community thinks.