WELCOME!

Lexus Lott
4 min read · Aug 18, 2023


Hands-On Lab: Protecting Endpoints with Xcitium OpenEDR.

https://www.openedr.com

Xcitium OpenEDR is a free, open-source endpoint protection and response (EDR) system. Like typical EDR systems, Xcitium OpenEDR follows a client-server model: a centrally managed server hosts a security program, and an accompanying client program runs on each endpoint. This client program, or agent, sends information such as logs, local machine data, and malware scan results to the server. With the server EDR program, the server administrator analyzes this information to defend endpoints from malware and additional threats.

Learning objectives

After completing this lab, I am now able to:

  • Set up the Xcitium cloud manager
  • Add an endpoint device to the OpenEDR system
  • Locate endpoint data in the cloud manager
  • Manage endpoint patches from the cloud manager
  • Scan an endpoint for malware and find the results in the cloud manager

Prerequisites

  • A smartphone with an authenticator application installed.
  • One or more devices to use as an endpoint.

Some examples of common authenticator applications include the following programs:

- Google Authenticator
- Microsoft Authenticator
- LastPass Authenticator
- 2FAS (downloaded from the App Store and used for this lab; shown below)

Note: The device must be an internet-enabled computer, tablet, or smartphone with one of the following operating systems (OSs) installed:

- Windows
- macOS
- Linux
- iOS
- Android

For the sake of this lab, I set up endpoint protection on the same device that I used to explore the cloud manager. But for a more realistic experience, use a separate device as your endpoint.

Overview

In this lab, I gained skills in handling and safeguarding endpoints with Xcitium OpenEDR. I started by configuring the Xcitium cloud manager, a tool for overseeing and controlling endpoints. After that, I incorporated two endpoints into the EDR system: my macOS and iOS devices. I then grasped the process of using the cloud manager to access security data for the endpoints and manage their protection settings. Lastly, I learned how to scan endpoints for malware and locate the scan results within the cloud manager interface.

Here’s a view of the OpenEDR interface after logging in, along with a sneak peek at some of the platform’s notable features as I navigated through the platform:

After creating an account, installing the software and enrolling my devices as instructed, the OpenEDR cloud manager is deployed and ready for use. My next step is to add one or more endpoints, which I completed (shown above).

The Audit pane provides an overview of the endpoints that OpenEDR is monitoring. It displays information such as the operating systems and device types. It also displays the number of corporate-owned devices versus personal devices, which would require different compliance rules to ensure they meet enterprise guidelines (shown above).

Note: Depending on your device update status, you might not have any results. More entries will appear over time as patches become available.

Next, let’s secure the OS!

As you can see below, it's as easy as 1, 2, 3: I selected my endpoint device (macOS) and ran a scan to check for viruses.

Conclusion

And voilà!

I just learned how to manage an endpoint using an endpoint protection and response system. I did so by setting up the Xcitium cloud manager and establishing a connection between this cloud manager and an endpoint device. Next, I used the cloud manager to examine the endpoint's security data and manage its patches.

Thank you for dropping by — I look forward to sharing more content!
