Endpoint Defense
Centrally monitor activity occurring on your organization's endpoints. Windows session logs, file system activity and process records are gathered in a single platform; meaningful events are routed to your team.
Broad monitoring coverage
Included incident management
Long-term log retention
One-panel central management
Endpoint Security Features
Windows Session Monitoring
Successful and failed logon attempts, remote desktop connections and account changes are logged. Every event is linked to a user, source IP and timestamp.
File System Activity
File access, modification and deletion are tracked. Mass deletions or suspicious file movements occurring in a short window are queued as events.
Process Tracking
Applications and processes running on endpoints are logged. Unusual process behavior is evaluated through SOAR rules.
Insider Threat Visibility
Behaviors such as off-hours access, bulk file copying or deletion, and unauthorized folder access are flagged with priority.
SOAR Integration
Detected endpoint events are routed directly to the incident management queue. Your team is notified automatically when defined rules trigger.
Central Logging & Retention
All endpoint events are collected in a central log store. Records covered by BTK 5651 are included in the audit archive and retained for the legally required period.
Monitored Events
Security Log
Logon — successful
Username, time, source IP and session type are recorded.
Logon — failed
The rule engine triggers when the failed-attempt threshold is exceeded.
Access Log
Remote desktop connection (RDP)
Source IP, user and connection duration are tracked.
File and object access
Read, write and access attempts on critical directories are logged.
Audit Log
Object deletion
Bulk deletion operations are monitored against a rule threshold.
Security log clearing
A high-priority alert is generated when the Windows security log is cleared.
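The rules listed under Endpoint Security Features and Monitored Events (failed-logon threshold, off-hours access, bulk deletion within a short window, security log clearing) are all variants of one pattern: keep per-key counters over a sliding time window and raise an alert with a fixed priority when a rule fires. The following is an added example of that rule engine, not the product's own code or rule format. The event records are constructed; the Windows Security event IDs it keys on (4624 logon success, 4625 logon failure, 4660 object deleted, 1102 audit log cleared) are the standard Microsoft IDs, while the threshold values, window sizes, office-hours range and the `evaluate`/`sample_events` names are assumptions made for the example.

```python
"""Sliding-window detection rules over Windows endpoint events (added example)."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed tunables: the page says thresholds exist but does not state values.
FAILED_LOGON_THRESHOLD = 5                 # failures from one source IP ...
FAILED_LOGON_WINDOW = timedelta(minutes=5)  # ... within this window
BULK_DELETE_THRESHOLD = 20                 # deletions by one user ...
BULK_DELETE_WINDOW = timedelta(minutes=1)  # ... within this window
BUSINESS_HOURS = range(8, 18)              # 08:00-17:59 counts as office hours


def _in_window(times, now, window):
    """Evict timestamps older than `window` and return how many remain."""
    while times and now - times[0] > window:
        times.popleft()
    return len(times)


def evaluate(events):
    """Run the rules over time-ordered event dicts and return alert tuples.

    Each event carries: ts (datetime), host, user, src_ip, event_id and,
    for file events, an optional path. An alert is (priority, rule, host, subject).
    A threshold rule fires exactly when the count reaches the threshold, so a
    burst produces one alert instead of one per extra event.
    """
    alerts = []
    failed_by_ip = defaultdict(deque)   # (host, src_ip) -> failure timestamps
    deletes_by_user = defaultdict(deque)  # (host, user) -> deletion timestamps
    for ev in events:
        eid, ts = ev["event_id"], ev["ts"]
        if eid == 4625:  # failed logon: count per source IP per host
            q = failed_by_ip[(ev["host"], ev["src_ip"])]
            q.append(ts)
            if _in_window(q, ts, FAILED_LOGON_WINDOW) == FAILED_LOGON_THRESHOLD:
                alerts.append(("medium", "failed_logon_threshold", ev["host"], ev["src_ip"]))
        elif eid == 4624 and ts.hour not in BUSINESS_HOURS:  # successful logon off-hours
            alerts.append(("medium", "off_hours_logon", ev["host"], ev["user"]))
        elif eid == 4660:  # object deleted: count per user per host
            q = deletes_by_user[(ev["host"], ev["user"])]
            q.append(ts)
            if _in_window(q, ts, BULK_DELETE_WINDOW) == BULK_DELETE_THRESHOLD:
                alerts.append(("high", "bulk_deletion", ev["host"], ev["user"]))
        elif eid == 1102:  # audit log cleared: always alert, highest priority
            alerts.append(("critical", "security_log_cleared", ev["host"], ev["user"]))
    return alerts


def sample_events():
    """Constructed sample events in time order (not captured from a real host)."""
    base = datetime(2024, 3, 4, 2, 0, 0)  # 02:00, outside BUSINESS_HOURS
    common = dict(host="WS-17", user="j.doe", src_ip="10.0.0.5")
    evs = []
    # six failed logons from one source IP within two minutes
    for i in range(6):
        evs.append(dict(ts=base + timedelta(seconds=20 * i), event_id=4625, **common))
    # a successful logon three minutes later, still off-hours
    evs.append(dict(ts=base + timedelta(minutes=3), event_id=4624, **common))
    # 25 file deletions within 25 seconds
    for i in range(25):
        evs.append(dict(ts=base + timedelta(minutes=4, seconds=i), event_id=4660,
                        path=f"D:\\share\\report_{i}.docx", **common))
    # the security log is cleared afterwards
    evs.append(dict(ts=base + timedelta(minutes=6), event_id=1102, **common))
    return evs


if __name__ == "__main__":
    for priority, rule, host, subject in evaluate(sample_events()):
        print(f"[{priority}] {rule} on {host}: {subject}")
```

Run as a script it prints four alerts in event order: the failed-logon threshold (on the fifth failure), the off-hours logon, the bulk deletion (on the twentieth delete) and the log-clearing alert. Keying the failure counter on source IP rather than on username is deliberate: a spray across many accounts from one address would otherwise never reach the threshold for any single user.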