HarfangLab EDR is an endpoint detection and response solution designed to simplify the work of cybersecurity teams while protecting endpoints across Windows, Linux and macOS. Detection engines are embedded directly into the agents on endpoints so that protection runs as close as possible to the threat, preserving endpoint performance and maintaining remediation capabilities even when devices are offline. The platform supports both Cloud and On-Premises deployments with full feature parity and updates that do not require endpoint reboots. HarfangLab combines open, editable detection rules (YARA and Sigma) with a continuously optimised CTI process that delivers regular rule updates (via MISP) and lifecycle monitoring. Two AI engines (Ashley for early unknown-threat detection and Kio for natural-language assistance to analysts) enrich detection and investigation workflows. The console provides deep investigation capabilities (visibility into detections, linked events and process trees) and actions to block or interrupt processes, isolate endpoints, delete files or services, and run investigation jobs, along with a remote shell for scripted remediation. A correlation engine consolidates related events into single alerts to reduce alert fatigue, and a fully API-driven architecture enables broad interoperability and data aggregation for advanced correlation and reporting.
HarfangLab EDR is API-driven and built for interoperability. It supports connectors and integrations with common cyber stack components, rule updates via MISP, and open detection formats (YARA, Sigma) for easy sharing of threat intelligence and seamless data correlation across tools.
HarfangLab is a cybersecurity company specializing in advanced threat detection and response solutions. They focus on providing innovative security technologies to protect organizations from sophisticated cyber threats.