How to Deploy Open EDR

Thanks for the reply. Not sure why I didn’t get a notification of the response. How is this being offered for free?

Sorry I don’t understand the question. Can you please expand?

I have the same question as @mdiorio.

I am trying to find an alternative to paid EDRs and compare a paid one with some open source ones.

I am seeing that OpenEDR is free to use and open source, but having it on your cloud makes it tricky. It is at least suspicious or too good to be true.

If this is the case then your work is amazing and you are really helping the community.

EDR - Endpoint Detection & Response is a foundational technology. It gives us great visibility as you know.
There are many components to it.
Endpoint code
Central Management module
Rule Generation (there has to be a team/people generating rules) teams
Storage of all the telemetry
and so on…
It's a personal opinion, so in my view having the Agent Code local (it has to be local anyway) but central management and storage in the Cloud is the best way architecturally. Of course respecting Data Residency issues while providing this cloud, as we do.

Cloud has a cost, especially the storage aspect. Of course it wouldn’t be fair to expect unlimited cloud storage on unlimited endpoints for free.
So the Cloud Platform Xcitium has provided running OpenEDR does provide 3 days of FIFO storage for unlimited endpoints for free.

With all that, you get a Cloud platform to manage all your devices, and the Cloud platform has other bells & whistles as well, like Remote Desktop and so on, and you get to have 3 days of continuous (FIFO) storage of all your telemetry.

The alternative is: You can always spin up your own ELK for central management, but it is more cumbersome.

when it comes to helping the community

Cybercrime is a global issue; it takes a village to raise kids, as the saying goes. Fighting cybercrime and cyber warfare should be a community effort. We believe in win-win situations like creating accessible foundational technology like EDR so that people who are not in a position to pay those high fees for licenses can have access to technology, as well as providing an environment for the community and sponsors to benefit… win-win for everyone!

I agree that it has a cost! That's why I am wondering.

Thanks for the clarification!
I am so happy I found this community!

You get 3 days' worth of storage (FIFO) for free.
What people do is start with that, and if they think they need more they buy extra storage capacity from the sponsor platform (Xcitium) (fairly cost effectively).

Thanks, it seems fair.

Can I ask a question?

I also got the error “Installation failed (Unsupported OS version)” and I read here that I can change the version of EDR to a previous stable one.

Windows version: 10.0.17763 Build 17763
Xcitium Endpoint Detection and Response v. 2.5.0.40
Installation failed (Unsupported OS version)

I managed to install the previous one, 2.5.4, but I was wondering if we know when the update will take place so we can have the new version?

Thank you again

Windows version: 10.0.17763 Build 17763 is officially out of support by Microsoft. That version has only LTS, which does not have the necessary security updates for Azure Code Signing support. So it can only be used with the previous version of EDR, which does not use the new Code Signing mechanism.

So do you not support EDR installed on Windows Server versions? I’m trying to install it on Server 2016 Standard and getting Unsupported OS version.

Not correct, I mean that specific version only. We do support Windows Servers with newer versions.

Hi, can I install the EDR client on Linux now? Please help me.

Hi @khanhmrc

We do not support Linux yet but we are working on it. I shall update you once I receive any feedback on the same.

Thank you

Hello @nivedithab ,
I have some problems. I want to install Xcitium Cwatch-Sensor for my endpoint.
I followed the instructions here: Introduction.
But I don’t know the default username and password to log in to cwatch-sensor. I want to configure the network for the sensor.

Please help me.
Thank you very much

Hello @khanhmrc , here is what you need.

Please let me know if you have any other question.

Thank you so much for your kind support!

Hi @ilgaz,
I have a problem implementing the sensor for Windows Server. This is my network model:
[image: Untitled diagram.drawio]
I deployed this model on VMWare.
On the cWatch sensor, I have two interfaces: NAT to connect to the internet (IP 192.168.22.131), and host-only to connect to the Windows Server (10.0.0.2) machine.

On the Windows Server machine, I only have 1 interface, which is host-only (IP 10.0.0.3)… But when I try to connect to the internet from the cWatch sensor, there is no connection, and the Windows server has none either. Is this model problematic?
The purpose of implementing this model is to filter attacks such as SQLi, XSS, LFI, … for the web server, because I did not find any function in OpenEDR that can filter attacks on the web server.
I’m a beginner so I don’t know how to solve this problem. Please help me, thank you very much.