Author Archives: lathif md

EDR (Endpoint Detection & Response)- Interview Point of View

EDR (Endpoint Detection & Response): CrowdStrike, Carbon Black
→ Secures endpoint devices only (laptops, servers, VMs).
→ Focus is endpoint telemetry + detection + containment.

Endpoint Detection and Response (EDR): EDR kicks in after a threat bypasses traditional defenses. It provides continuous monitoring, detection, and response capabilities for advanced threats and zero-days. • EDR helps in threat hunting, forensic…

Daily Tasks of a Security Engineer

What are your daily EDR & SIEM tasks? (For answering in interviews)

On a daily basis, I monitor SIEM and EDR alerts and quickly triage them to separate real threats from false positives using process trees, log correlation, and user behavior. I respond to endpoint incidents by isolating infected machines, killing malicious processes, and supporting…