**Note: The name of your Endpoint is using the name of your Personal Computer (PC).**
[](https://cytechint-docs-bookstack.s3.amazonaws.com/uploads/images/gallery/2026-01/U5M1OurakBQg9l9M-hehe-4.png) Or the client can access the endpoint in the "**Control Panel**" as well to isolate it or uninstall the Endpoint Detection and Response (EDR) but be wary, **Endpoint Detection and Response (EDR)** is a separate application process of the AQUILA Agent Endpoint therefore do not uninstall the **Endpoint Detection and Response (EDR).** If the client decides to uninstall it, please contact ***| **Protection Type ** | **OS Support ** | **Detect ** | **Prevent** | **Description ** |
| **Malware ** | Windows, macOS, Linux | β | Blocks known malicious executables and scripts at runtime. | |
| **Ransomware ** | Windows | β | Detects rapid file changes and unauthorized encryption activity. | |
| **Memory Threats ** | Windows, macOS, Linux | β | Prevents memory-based attacks like process injection or ROP chains. | |
| **Malicious Behavior ** | Windows, macOS, Linux | β | Stops suspicious techniques such as abnormal child processes or LOLBins. | |
| **Credential Hardening ** | Windows | Enabled | Protects credentials by preventing unauthorized LSASS access. |
| **Event Type ** | **Windows ** | **macOS ** | **Linux ** | **Description ** |
| **API ** | β | β | Logs sensitive API calls that may indicate injection or system tampering. | |
| **DLL & Driver Load ** | β | β | Captures DLL/driver loading to detect unsigned or malicious code injection. | |
| **DNS ** | β | β | Records DNS queries/responses to spot C2, tunneling, or data exfiltration. | |
| **File ** | β | β | β | Monitors file creation, deletion, and modification to detect malware or ransomware. |
| **Network ** | β | β | β | Logs connections, ports, and protocols to uncover C2 traffic or lateral movement. |
| **Process ** | β | β | β | Tracks process execution, parent/child relationships, and suspicious spawns. |
| **Registry ** | β | β | β | Detects persistence or tampering with critical Windows registry keys. |
| **Security ** | β | β | β | Captures login attempts, privilege changes, and policy modifications. |
| **Event Type ** | **Description ** | **Use Case ** | **Example ** |
| **API Events** | Capture system-level API calls made by processes. These events show how applications interact with the OS, libraries, and security-sensitive functions. | Detect process injection, privilege escalation, exploitation attempts, or use of unusual APIs by non-standard processes. | A Microsoft Office process (WINWORD.EXE) invokes VirtualAllocEx and WriteProcessMemory to inject code into another process. |
| **DLL & Driver Load Events** | Record the loading of DLLs into user processes and drivers into the OS kernel. Includes path, signature status, and process context. | Detect unsigned or suspicious DLLs/drivers, DLL search order hijacking, and kernel-level rootkits. | An unsigned driver is loaded during system boot, or a legitimate app loads a DLL from a non-standard directory. |
| **DNS Events ** | Log all DNS lookups and responses, showing which domains are queried and by which process. | Detect C2 callbacks, malware beaconing, DNS tunneling, and suspicious domain resolution. | A process repeatedly queries random subdomains of example\[.\]com, suggesting DGA (Domain Generation Algorithm) use. |
| **File Events ** | Monitor file activity: creation, modification, deletion, renaming, and read access. Includes metadata like file path, hash, and process context. | Detect ransomware encryption, malware staging (dropping executables), tampering with sensitive files, or unauthorized access. | A process writes multiple .encrypted files in rapid succession in a userβs documents folder. |
| **Network Events** | Capture TCP/UDP connections, ports, IPs, protocols, and process responsible. | Detect outbound connections to malicious infrastructure, lateral movement inside a network, or data exfiltration attempts. | PowerShell initiates a connection to a known malicious IP over port 443 with unusual payload size. |
| **Process Events** | Record process lifecycle: creation, termination, parent-child relationships, command-line arguments, and integrity info. | Detect abnormal parent-child chains, privilege escalation, process hollowing/injection, and script-based attacks. | explorer.exe launches powershell.exe with a Base64-encoded command to download a payload. |
| **Registry Events** | Log modifications to Windows Registry, including key creation, deletion, and value changes. | Detect persistence mechanisms, system tampering, and security feature bypasses. | Malware creates HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\malware.exe for auto-start persistence. |
| **Security Events ** | Record security-related activity: authentication attempts, user/group changes, privilege assignments, and policy alterations. | Detect brute force attacks, privilege abuse, unauthorized access, and security control disabling. | Multiple failed login attempts followed by a successful login with a privileged account. |
| **DLP Purpose** | **Description** | **DLP Detect** |
|---|---|---|
| **Identify Sensitive Data** | Finds confidential or regulated information (PII, PHI, PCI, IP). | Recognizes sensitive data using patterns, keywords, regex, file classification, or ML. |
| **Monitor Data Usage** | Observes how data is accessed, edited, or transferred. | Flags unusual or risky user activities (e.g., mass copying or emailing). |
| **Prevent Unauthorized Data Transfer** | Ensures data doesnβt leave the organization improperly. | Detects attempts to send data via email, USB, cloud apps, or printing. |
| **Protect Against Data Breaches** | Reduces risk from insiders, malware, or accidents. | Alerts on anomalous access or large data movement. |
| **Enforce Security Policies** | Ensures compliance with regulations (GDPR, HIPAA, PCI). | Detects policy violations automatically. |
| **Control Data Flow** | Manages how data moves inside/outside the network. | Detects data movement patterns and unauthorized destinations. |
| **Provide Visibility & Reporting** | Offers logs and insights for audits/investigations. | Detects events and logs all data-related activities. |
| **Category / Purpose** | **Description** | **Detect** |
|---|---|---|
| **Identify System Weaknesses** | Finds flaws in software, hardware, or configurations that attackers could exploit. | Scans for outdated software, missing patches, weak configurations, known CVEs. |
| **Assess Security Posture** | Evaluates how secure an environment is against threats. | Runs vulnerability assessments, baseline checks, and compliance scans. |
| **Detect Misconfigurations** | Finds incorrect or insecure setup of systems or applications. | Identifies open ports, weak permissions, default passwords, insecure protocols. |
| **Find Network Vulnerabilities** | Looks for weaknesses within network infrastructure. | Scans firewalls, routers, switches, exposed services, and network paths. |
| **Identify Application Vulnerabilities** | Locates flaws in web and software applications. | Detects OWASP Top 10 issues (XSS, SQL Injection, CSRF, etc.). |
| **Detect Unauthorized Access Paths** | Finds hidden or unintended ways attackers could enter the system. | Identifies backdoors, exposed APIs, weak authentication paths. |
| **Continuous Monitoring** | Ongoing observation for new or emerging vulnerabilities. | Uses automated scanning, SIEM alerts, threat intelligence feeds. |
| **Risk Prioritization** | Determines which vulnerabilities are most dangerous. | Rates vulnerabilities using CVSS scores and exploit likelihood. |