Use this guide to learn about Kandji EDR and how it works
What is covered in this guide:
Endpoint Detection & Response (EDR) functionality is available for Mac devices assigned to Blueprints containing Avert. This new library item turns on EDR functionality in a Blueprint — you don't need to install additional software. You can view identified threats in the Kandji web app on the Threats page and the device record page.
Note: The Endpoint Detection & Response SKU add-on is required to use the Accessory & Storage Access Library Item. However, the Avert Library Item is not required to be assigned to the device Blueprint in order to deploy this Library Item.
Access the new Threats page by clicking Threats in the left-hand navigation bar of the Kandji web app. This page lists the total number of Threat events affecting your Mac devices across the designated Blueprints containing Avert, along with information such as device impacted, threat name, classification, the process responsible for the Threat event, detection date, and status. Kandji Avert categorizes Threat events as “Malware” or “Potentially Unwanted Programs” (PUP).
The Threats page also provides filters to filter by Classification and Status quickly. Click the disclosure triangle to the left of a Threat event to reveal additional information, including detection and quarantined dates, path, hash, and user information. A similar view is available on the device record page for individual devices.
Device Record Page
The device record page provides a total count of detected threat events on the device. To view the detected threat events, click the Threats tab.
Click the disclosure triangle to the left of a Threat event in the Threats tab to reveal additional information, including detection and quarantined dates, path, hash, and user information.
Please see the Endpoint Detection & Response - Understanding Threat Events support article to learn more about Threat events.