23 Mar, 2023

OpenEDR

What is OpenEDR?

In this article, we will talk about the open source OpenEDR technology. In this first article of the series, we explain what OpenEDR is, how to install it, how to integrate devices, and the features that the login screen offers us.

We would like to point out that it is a product under the Xcitium company, formerly known as Comodo.

OpenEDR takes its name from Open Source Endpoint Detection and Response. You can experience this technology for free within the Xcitium Platform. OpenEDR offers its users an advanced, free, open-source endpoint detection and response solution.

It provides real-time event correlation with MITRE ATT&CK visibility and detection for root cause analysis of adversary threat activity and behavior.

We have covered EDR technologies in our previous articles. For a refresher or for more detailed information, you can take a look at our previous article before reading the rest of this one.

How to Install OpenEDR?

You can access OpenEDR from https://www.openedr.com/ and reach the registration tab with the Get Started for Free button. While registering, it will also ask you to log in with the 2FA feature for extra security. After the activation e-mail arrives, you can easily log in to the system.

When we enter the system, a highly developed interface welcomes us. A notification at the bottom offers the Classic Interface, and from there you can use the features you want with a different interface.

[Image: OpenEDR interface]

It consists of six main sections: Security, Managed Security, Assets, Software Inventory, Management and Settings. In the first article of our series, we will talk about the Assets module.

You can integrate your devices from the Devices tab in the Assets module. Select and download the agent for the desired operating system, as seen in the image below. While installing the downloaded agent, you can complete the installation process by clicking next -> next.

[Image: Assets dashboard]

Assets Module

As mentioned above, the Assets module lets you set up and manage your devices and perform user operations.

You can create users from the User Management section under the Assets module. You can also assign roles according to the competencies of the users you want to include. In addition, after adding users, you can check here which features (e.g. EDR, AV) are turned on for the added device.

[Image: Assets dashboard 2]

After adding users, you can create groups and separate your users on a group basis. The advantage is that when you want to apply a procedure to your devices, having them divided into groups saves effort and time.

In the image below, you can again see the user and group creation steps.

[Image: Assets user management]

We'll cover our procedure setting topic in the next post in our series.

After adding the devices, you can view the devices from the Devices tab in the same module. You can run the procedure again on the device you want to process.

In addition, other features that you can process are given below, respectively.

  • Enroll Device,
  • Remote Control,
  • File Transfer,
  • Remote Tools,
  • Run Procedure,
  • Manage Profiles,
  • Install or Manage Packages,
  • Refresh Device Information,
  • Power Options,
  • Owner,

[Image: Assets device list]

While all options are available for Windows devices, the Remote Control, File Transfer, Remote Tools, Run Procedure, and Power Options features are not active for Linux operating systems.

You need to download a small setup file to use the Remote Control feature. After installing it by clicking next -> next, you can easily access the device remotely with the installed application.

With the ComoRemoteControl application, you can see your devices as in the image below, and from the right-hand side you can easily share files with, or create files on, a remote computer.

[Images: ComoRemoteControl application]

  • You can also perform the above operation from the Remote Control Tools feature, and in this tab you can additionally get Command Prompt or PowerShell authorization. We have supported the mentioned features for you with the images below. Although offering the same operation in two places may cause confusion, it lets you use whichever tab suits your needs.

[Image: Assets device list 2]

  • The last feature we will cover under the Assets module is the Network Management feature. Under this module, you must first create a discovery task from the Create Discovery option in the Discovery tab. When creating a discovery task, you can select multiple devices that you have previously added to the system. You can separate them into a group if you wish. During creation it will ask you to specify the Discovery type; in this section you can optionally select SNMP. Then you can go to the details by clicking on the relevant device. Users should first apply the options offered in the Auto Enrollment option.

The interface you see below looks different because we switched to the other interface option that we mentioned at the beginning.

[Images: Assets module in the different interface; Xcitium alert notification]

After specifying various tasks here, you can also specify the start date and time if you wish. 

For now, this concludes the features of the Assets module that we cover in this article. We will continue with the remaining features in the rest of the series.

If you wish, you can also complete the trainings on the XCitiumAcademy site and get your certificate to understand the use of OpenEDR.

For those who are interested, you can go to the link: https://www.xcitiumacademy.com/resource-center/index#Case%20Studies%20&%20White%20Papers
