How does EDR count Non-remediated detections for the Executive Report?


Article ID: 230774


Updated On:

Products

Endpoint Detection and Response Hardware

Issue/Introduction

On the EDR monthly report, what does "non-remediated detections" count?

 

Environment

Release :

Component :

Resolution

The report module is a backend service module that, on a schedule or on demand, runs a JavaScript (Node.js) task to collect data from the database and then builds a report in PDF format.

One such task is the 'executive report', which performs the following data collection.

1) For the given time period (1 month), collect all open-state incidents.

2) For each day and each incident, find the number of endpoints associated with the incident.
Example: there are three open-state incidents, 1000, 1001 and 1002, on date X.
1000: associated with endpoint A
1001: associated with endpoints A and B
1002: associated with endpoints C, D and E

Date X then has 5 endpoints in total (A, B, C, D and E).

3) Check whether each endpoint is managed by the SEP agent by checking the SEPM collected data/mapping, then count.
Example: Endpoints A, B, C and D are found with SEP installation unique data => managed
Endpoint E is found without SEP installation unique data => unmanaged
managed: 4, unmanaged: 1

4) Repeat 2) and 3) once per day for the whole time period (1 month).

5) Generate the PDF with this information:
'Count of non-remediated detections on unmanaged endpoints' => sum of the unmanaged endpoint counts
'Count of non-remediated detections on managed endpoints' => sum of the managed endpoint counts

A chart is shown above this content in the report. It shows the actual distribution of the number of endpoints per day.


In the chart pane, 'infected endpoints' are the endpoints that are associated with an open-state incident on the given date.
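
Steps 1) to 5) above, worked through as an added Node.js sketch (not the product's own report code): it counts the distinct endpoints tied to open incidents each day, splits them into managed and unmanaged, and sums the daily counts over the period. The data shapes, function names, dates and the three-day period are assumptions constructed for illustration.

```javascript
// Added illustration, not EDR source code. All names and data are constructed.

// Step 1: open-state incidents per day, each with its associated endpoints.
const openIncidentsByDay = {
  '2024-01-01': [
    { id: 1000, endpoints: ['A'] },
    { id: 1001, endpoints: ['A', 'B'] },
    { id: 1002, endpoints: ['C', 'D', 'E'] },
  ],
  '2024-01-02': [
    { id: 1001, endpoints: ['A', 'B'] },
    { id: 1002, endpoints: ['C', 'D', 'E'] },
  ],
  '2024-01-03': [{ id: 1002, endpoints: ['E'] }],
};

// Stand-in for the SEPM mapping: endpoints found with SEP installation unique data.
const sepManaged = new Set(['A', 'B', 'C', 'D']);

// Steps 2 and 3: distinct endpoints for one day, split into managed/unmanaged.
function dailyCounts(incidents, managedSet) {
  const endpoints = new Set();
  for (const incident of incidents) {
    for (const ep of incident.endpoints) endpoints.add(ep); // A counted once
  }
  let managed = 0;
  let unmanaged = 0;
  for (const ep of endpoints) {
    if (managedSet.has(ep)) managed += 1;
    else unmanaged += 1;
  }
  return { total: endpoints.size, managed, unmanaged };
}

// Steps 4 and 5: repeat once per day, then sum the daily counts for the report.
function executiveReportCounts(byDay, managedSet) {
  const perDay = {};
  const totals = { managed: 0, unmanaged: 0 };
  for (const day of Object.keys(byDay).sort()) {
    perDay[day] = dailyCounts(byDay[day], managedSet);
    totals.managed += perDay[day].managed;
    totals.unmanaged += perDay[day].unmanaged;
  }
  return { perDay, totals };
}

const report = executiveReportCounts(openIncidentsByDay, sepManaged);
console.log(report.perDay, report.totals);
```

With this sample, three incidents and five endpoints produce report totals of 8 (managed) and 3 (unmanaged), because an endpoint is counted again on every day it is still associated with an open incident.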