Product overview
EDR Agent Monitor helps security teams detect, record, and review suspicious activity on Windows workstations and servers.
Core capabilities
- Endpoint collection — Process, file, registry, and network signals (via Sysmon and the detection engine).
- Rule-based detection — JSON rules aligned with MITRE ATT&CK categories (execution, discovery, persistence, etc.).
- Central visibility — Events are sent to your AWS backend and appear in the web console.
- AI assistance — Automated analysis (classification, summary, MITRE hints) and follow-up chat on each event, powered by Amazon Bedrock.
- Optional enrichment — VirusTotal file-hash lookups where a hash is available.
URLs (production layout)
| Purpose | Host |
|---|---|
| Documentation (this site) | document.ravisarode.com |
| Operator console (dashboard) | console.ravisarode.com |
Your deployment may use different domains in development; configure DNS and HTTPS to match your environment.
How behavior is documented
This overview is only a summary. For how the product works (Sysmon → rules → upload → console, and every dashboard tab), see How it works and Console features.