Welcome
EDR Agent Monitor ties together a Windows agent, an AWS serverless API, and a React SOC console so teams can detect risky activity, review evidence, and use AI analysis with optional VirusTotal enrichment.
| What | Where |
|---|---|
| This documentation | document.ravisarode.com |
| Operator console | console.ravisarode.com |
Read this first
Start the way you would with a commercial EDR administration guide (for example, the "Introducing" section of the FortiEDR guide):
- Introducing EDR Agent Monitor — components, how it works, doc map.
- Using the workflow — analyst steps from login to investigation.
Then:
- How the system works — one detection from Sysmon to dashboard row.
- Web console — features & screens — every tab, event modal, AI, rules, admin (with screenshots).
- Agent desktop — WPF tabs, IST time, upload behavior.
- AI & enrichment — Bedrock analysis, chat, VT, correlation.
Installation and hosting are under Architecture & concepts and Deploy & host.
Audience
| Role | Suggested path |
|---|---|
| Analyst / SOC | Console features, AI & enrichment |
| Endpoint admin | Detection pipeline, Agent desktop |
| Engineer | From agent to console, Backend overview |
Technical truth is always the source code in the GitHub repo; this site explains behavior and operator experience.
Academic background
This system was developed as part of an M.Tech (Cyber Security) project at IIIT Kottayam (AI-Driven EDR with RAG-Powered Automation, Nov 2025). A short alignment of the thesis with this documentation—problem statement, objectives, Sysmon scope, agent layers, and future work—is on Thesis context.