For customers with a Red Canary Threat Investigation subscription, your service includes managed detection and response (MDR) that applies to many security products, expanding investigation capabilities of the supported alerts integrated with Red Canary. Learn more about the MDR Alert Lifecycle.
Alert and telemetry collection for EDR data is built-in with your base subscription and configured during onboarding.
For enhanced detection quality, we recommend configuring the supporting telemetry integrations for each platform in your organization. The following providers are supported for MDR Alert Sources:
Existing MDR (non-Generic) Integrations
| Provider | Supported Platform | Class of Security Data | Ingest Type | New Subscription |
| Amazon Web Services | Cloud | API | MDR Cloud Control Planes | |
| Amazon Web Services | Cloud | API | MDR Cloud Control Planes | |
| Carbon Black | Carbon Black Cloud | EDR | API | MDR Endpoints |
| Carbon Black | Response | EDR | API | MDR Endpoints |
| Cisco | Firepower | Network | MDR Networks | |
| Cisco | Meraki | Network | HTTP | MDR Networks |
| Cisco | Umbrella | Network | MDR Networks | |
| Crowdstrike | Falcon | EDR | API | MDR Endpoints |
| Darktrace | Enterprise Immune System | Network | Email, HTTP | MDR Networks |
| Dragos | Platform | Operational Technology (OT) | Syslog | MDR Networks |
| ExtraHop | Reveal(x) 360 | Network | API | MDR Networks |
| ExtraHop | Reveal X Enterprise | Network | HTTP | MDR Networks |
| Fortinet | Fortigate | Network | Email, Syslog | MDR Networks |
| Workspace | SaaS | API | MDR Email & Productivity Suites | |
| Jamf | Pro/Protect | EDR | API | MDR Endpoints |
| Lacework | Polygraph | Cloud | API | MDR Cloud Control Planes |
| Microsoft | Defender for Cloud | Cloud | API | MDR Cloud Control Planes |
| Microsoft | Defender for Office 365 | API Poll (via Microsoft Graph v2) | MDR Email & Productivity Suites | |
| Microsoft | Microsoft Defender for Endpoint | EDR | API Poll (via Microsoft Graph v2) | MDR Endpoints |
| Microsoft | Azure Active Directory Identity Protection | Identity | API (via Microsoft Graph v2) | MDR Identities |
| Microsoft | Defender for Identity | Identity | API (via Microsoft Graph v2) | MDR Identities |
| Microsoft | Defender for Cloud Apps | Identity | API (via Microsoft Graph v2) | MDR SaaS Applications |
| Microsoft | Office 365 Management API | Aggregate | API |
At least one of the MDR * subscriptions Child logs sources entitled by subscription |
| Microsoft | Azure Sentinel Incidents | SIEM | API | At least one of the MDR * subscriptions |
| Okta | Workforce Identity | Identity | API | MDR Identities |
| Palo Alto | Cortex XDR | EDR | API | MDR Endpoints |
| Palo Alto | PAN-OS | Network | Syslog | MDR Networks |
| Palo Alto | Threat Prevention | Network | Syslog | MDR Networks |
| Palo Alto | Wildfire | Network | Email and Syslog | MDR Networks |
| Proofpoint | Targeted Attack Protection (TAP) | API | MDR Email & Productivity Suites | |
| SentinelOne | Singularity | EDR | API | MDR Endpoints |
Comments
0 comments
Please sign in to leave a comment.