Malwarebytes Endpoint Detection and Response uses the Flight Recorder feature to search event data captured from all of your managed endpoints so that you can investigate and identify indicators of compromise. You can search data files, registry entries, processes, and networking activity from up to the past 30 days to hunt for threats or to analyze how a compromise occurred in your environment.
NOTICE - By default, Flight Recorder data retention is disabled. Enable this feature by selecting Flight Recorder Search checkboxes for each supported OS in Endpoint Detection and Response policy settings.
Features
- Log and monitor event data across endpoints.
- Identify indicators of compromise on endpoints.
- Receive customized data based on search queries for threat analysis.
To search for threats, see Search events with Flight Recorder in OneView.
To investigate potential threats, see Investigate events with Flight Recorder in OneView.