Customers may have a configuration where they decrypt inbound HTTPS traffic using outbound HTTPS traffic.
The questions are:
Does the EDR scan decrypted HTTPS traffic?
How do you scan the decrypted traffic?
Because the HTTPS protocol is assumed to be encrypted, the EDR does not scan this traffic.
All available versions of EDR.
The EDR does scan the HTTP traffic. Therefore, the traffic must be converted to HTTP traffic for the EDR to detect any attacks.
We recommend you review the capabilities of the SSL Visibility Appliance (SSLv) as an integration solution with the EDR.