Apex One Endpoint Sensor (SaaS) supports the following platforms:
- Windows Desktop
- Windows Server
For the platforms that XDR sensor supports, please refer to the following link: XDR Sensor System Requirements.
|Resource Usage||Frequency of sending data||Average every 5 minutes||Average every 5 minutes||Every 5 minutes or GPB size >900KB||Every 5 minutes|
|Average Generated Data||20 MB/agent/day||7 MB/agent/day||8.7 MB/agent/day||Around 6 MB/(agent*day)|
|Average Network Bandwidth Usage||20 MB/agent/day||7 MB/agent/day||8.7 MB/agent/day||Around 6 MB/(agent*day)|
|Local telemetry cache size when sensor cannot send data to server||500 MB||in memory||200MB||in memory (200MB)|
|The agent behavior after the license expired||Don't record and send any telemetry data||Currently, when the license expires, the sensor still sends telemetry data to the server and stops renewing the required tokens, so the server will no longer receive the telemetry data.|
|Investigation||Based on criteria to do an investigation||✔️||✔️||✔️||✔️|
|Based on IOC to do an investigation||✔️||❌||❌||❌|
|Do a live investigation to check the present status||✔️*1||✔️*2||✔️*2||✔️*2|
|Detection||Threat Detection w/ Attack Discovery||✔️*3||✔️*4||✔️*4||✔️*4|
|Mitigation/Response||Add to User-defined suspicious object||✔️||✔️||✔️||❌|
|Network isolation of endpoint||✔️*6||✔️*7||❌||❌|
|Coordination to EPP production||✔️*8||✔️*9||✔️*9||✔️*9|
*1 The Apex One Endpoint Sensor (SaaS) supports doing live investigation via diskIOC scan, YARA scan, and registry scan.
*2 The XDR sensor supports checking present status via remote shell feature.
*3 The Apex One Endpoint Sensor (SaaS) has its own attack discovery detection engine. After Apex One is registered to Vision One, the Vision One backend server provides detection capability based on recorded activity data.
*4 XDR Sensor doesn't have a detection engine. However, the Vision One backend service provides detection capability based on recorded activity data.
*5 The XDR sensor supports to kill running processes via remote shell feature.
*6 This is for Windows only and it relies on Apex One EPP
*7 This is available when Apex One as a service has registered to Vision One. Users can click isolate endpoint in the Context menu of events in the Vision One Search App or Workbench App that is triggered by Apex One EPP, such as the Apex One detection log.
*8 Apex One Endpoint Sensor (SaaS) is an integrated module of Apex One. If users would like to install Apex One security agent with other EPP products, they have to install the Apex One Coexist agent, not the Full agent.
*9 The XDR Sensor is a standalone sensor, and it can coexist with Trend Micro EPP products and 3rd-party EPP products.
Supported coexistence products:
- Apex One On-Premise
- Apex One as a Service
- Deep Security On-Premise
- Microsoft Defender
- Symantec Endpoint Protection (SEP)
- McAfee Endpoint Security (MES)