RA1018: Deploy Edr Solution

Summary

ID	RA1018
Brief Description	Deploy an EDR agents on servers and workstations
Author	@SEC
Creation Date	2023/05/20
References	https://github.com/certsocietegenerale/IRM/blob/main/EN/IRM-2-WindowsIntrusion.pdf
Response Stage	Preparation

Description

Deploy an EDR solution on endpoints and servers - This tool became one of the cornerstones of the incident response in case of ransomware or in large scale compromise, facilitating identification, containment, and remediation phases. - Launch EDR Search and AV scan with IOC explicit rules and get first indicators for remediation progress following. - Set your EDR policies in prevent mode.