Does EDR also monitor internal vulnerabilities?

An EDR does not monitor vulnerabilities

Neither the CrowdStrike EDR module nor SentinelOne supports active detection of software vulnerabilities. This is an optional add-on.

• CrowdStrike offers the Spotlight module.

• SentinelOne offers the Vulnerability Management module.

These modules are not included by default with standard EDR protection. They require an additional subscription. If you do not subscribe to one of these modules, you must continue manual monitoring:

• You must continue your own vulnerability monitoring

• Continue your internal monitoring, analysis, and patching processes

Existing add-ons

If you subscribe to one of these modules, monitoring is performed automatically for you:

• You benefit from automatic detection of known vulnerabilities present on endpoints. This data is provided in near real-time because the agent is deployed on the endpoints.

• The interface indicates which patches to apply.

Please note: even with a subscription to one of these add-ons, you will still need to perform correction actions manually (update, patch, etc.).