# EDR Integrations

> Connect Endpoint Detection and Response tools with RAD Security for comprehensive threat visibility.

Integrate RAD Security with Endpoint Detection and Response (EDR) platforms to gain comprehensive visibility across endpoints, containers, and cloud workloads.

## Benefits

<CardGroup cols={2}>
  <Card title="Unified Threat View" icon="shield-check">
    Correlate endpoint threats with runtime container and cloud activity
  </Card>

  <Card title="Cross-Platform Detection" icon="network-wired">
    Detect attacks that span endpoints, containers, and cloud infrastructure
  </Card>

  <Card title="Enhanced Context" icon="magnifying-glass-chart">
    Enrich EDR alerts with container and cloud runtime context
  </Card>

  <Card title="Coordinated Response" icon="bolt">
    Orchestrate response actions across endpoint and cloud environments
  </Card>
</CardGroup>

## Supported Integrations

<AccordionGroup>
  <Accordion title="Microsoft Defender" icon="microsoft">
    **Status:** Available

    [View Setup Guide →](/rad-security/integrations/edr/microsoft-defender-setup)

    Connect with Microsoft Defender for unified Windows and cloud security.

    **Key Features:**

    * Windows endpoint detections
    * Azure workload protection
    * Threat and vulnerability management
    * Incident correlation
  </Accordion>

  <Accordion title="CrowdStrike Falcon Insight" icon="crow">
    **Status:** Available

    [View Setup Guide →](/rad-security/integrations/edr/crowdstrike-falcon-insight-setup)

    Integrate with CrowdStrike Falcon Insight for advanced endpoint detection and response.

    **Key Features:**

    * Endpoint detection data
    * Container runtime protection
    * Threat intelligence feeds
    * Automated response actions
  </Accordion>

  <Accordion title="SentinelOne Singularity" icon="shield">
    **Status:** Available

    [View Setup Guide →](/rad-security/integrations/edr/sentinelone-singularity-setup)

    Integrate SentinelOne Singularity for AI-powered endpoint protection and response.

    **Key Features:**

    * Endpoint detections
    * Behavioral AI analysis
    * Automated remediation
    * Deep visibility data
  </Accordion>

  <Accordion title="Sophos Endpoint" icon="shield-check">
    **Status:** Available

    [View Setup Guide →](/rad-security/integrations/edr/sophos-endpoint-setup)

    Connect Sophos Endpoint for comprehensive endpoint protection and response.

    **Key Features:**

    * Endpoint threat detection
    * Deep learning malware protection
    * Exploit prevention
    * Active adversary mitigations
  </Accordion>

  <Accordion title="Tanium EDR" icon="network-wired">
    **Status:** Available

    [View Setup Guide →](/rad-security/integrations/edr/tanium-edr-setup)

    Integrate Tanium EDR for real-time endpoint visibility and response.

    **Key Features:**

    * Real-time endpoint data
    * Threat detection and hunting
    * Incident response
    * Compliance monitoring
  </Accordion>

  <Accordion title="Iru" icon="computer">
    **Status:** Available

    [View Setup Guide →](/rad-security/integrations/edr/iru-setup)

    Connect Iru to import endpoint inventory and device details for correlation with container and cloud runtime activity.

    **Key Features:**

    * Managed device inventory
    * Device detail enrichment
    * API token authentication
    * Least-privilege permission model
  </Accordion>

  <Accordion title="Malwarebytes ThreatDown" icon="shield-virus">
    **Status:** Available

    [View Setup Guide →](/rad-security/integrations/edr/malwarebytes-threatdown-setup)

    Connect with Malwarebytes ThreatDown for advanced malware detection and removal.

    **Key Features:**

    * Malware detection and removal
    * Ransomware protection
    * Exploit mitigation
    * Real-time threat intelligence
  </Accordion>
</AccordionGroup>

## Use Cases

<AccordionGroup>
  <Accordion title="Container-to-Host Attacks" icon="server">
    Detect when container compromises attempt to escape or affect the host system.

    Correlate container runtime activity from RAD Security with endpoint detections from your EDR.
  </Accordion>

  <Accordion title="Lateral Movement Detection" icon="arrows-left-right">
    Identify lateral movement that spans endpoints and containerized workloads.

    Track attacker progression across your hybrid infrastructure with unified visibility.
  </Accordion>

  <Accordion title="Supply Chain Attacks" icon="boxes-stacked">
    Detect compromised software components affecting both endpoints and containers.

    Identify when malicious dependencies or images are deployed across your environment.
  </Accordion>

  <Accordion title="Coordinated Incident Response" icon="user-shield">
    Respond to incidents across endpoints and cloud workloads from a single platform.

    Execute containment and remediation actions coordinated between EDR and RAD Security.
  </Accordion>
</AccordionGroup>

## Integration Architecture

RAD Security can integrate with EDR platforms through:

<Steps>
  <Step title="API Integration">
    Bi-directional API integration for event sharing and response orchestration
  </Step>

  <Step title="Event Streaming">
    Stream EDR events to RAD Security for correlation and analysis
  </Step>

  <Step title="Threat Intelligence">
    Share indicators of compromise (IoCs) between platforms
  </Step>

  <Step title="Response Actions">
    Trigger EDR response actions based on container and cloud detections
  </Step>
</Steps>

## Getting Started

<Steps>
  <Step title="EDR API Access">
    Generate API credentials in your EDR platform with appropriate permissions
  </Step>

  <Step title="Add Integration">
    Configure the EDR integration in RAD Security's Data Sources section
  </Step>

  <Step title="Configure Event Types">
    Select which EDR event types to ingest and correlate
  </Step>

  <Step title="Test Connection">
    Verify events are flowing and correlation is working correctly
  </Step>
</Steps>

## Next Steps

<CardGroup cols={2}>
  <Card title="Runtime Security" icon="shield" href="/rad-security/integrations/runtime-security">
    Learn about RAD's container runtime security
  </Card>

  <Card title="Alerts & Incidents" icon="bell" href="/rad-security/platform/workspace">
    Configure correlated alerts and incident management
  </Card>
</CardGroup>
