This release is an add-on for Trellix Endpoint Detection and Response (EDR) with Forensics that expands its on-prem capabilities, such as Historical Search.
New features
- Trellix EDR Telemetry Store (Virtual Appliance): on-prem storage for the EDR Trace Data that EDR with Forensics delivers over the Data Exchange Layer (DXL)
- Historical Search module 1.0.7 for the Forensic Appliance (HX): searches events in the EDR Telemetry Store
- API access to the Historical Search making it possible to integrate with third-party solutions
Enhancements
- EDR with Forensics ePO extension version 2.1.1.60 updated for Registered Servers to include the EDR Telemetry Store
- Leverages the current EDR with Forensics Client
  - The EDR Telemetry Store can ingest Trace Data from the current EDR with Forensics Client version 50.1 and later
This release directly addresses core on-prem EDR challenges by introducing key capabilities:
- Rapid Investigation: Conduct investigations quickly with no impact on endpoint performance to uncover the full narrative behind an alert.
- Threat Hunting: Find hidden adversaries and understand the full scope of an attack.
- Enhanced Visibility: Provide visibility into additional event types.
The following product documentation is available for this release:
- Release Notes and Product Guide: EDR with Forensics (EDRF) Documentation.
Trellix EDR with Forensics on-prem add-on is available now through the Product Downloads site and ePO Software Catalog. It is available based on the license entitlement and is located in the group "Trellix EDR with Forensics On-Prem - Add-On 25.11".
Note: To receive information about product updates, sign up for the Support Notification Service.
For instructions, see the Thrive Portal User Guide and navigate to Profile and Settings > My Settings > Manage Support Notification Services (SNS) subscription preferences.