BI.ZONE EDR 1.37 streamlines telemetry storage

The new capability simplifies and speeds up querying. In addition, the macOS agent is now compatible with the Podman container engine, collects new telemetry, and offers enhanced autonomous response capabilities.
April 9, 2025

Version 1.37 features an updated search for telemetry events collected by the EDR agents. This data is used to analyze and investigate cyber incidents as well as proactively research hypotheses as part of threat hunting.

In addition, the Events section now makes it possible to save search queries for future use. Queries can be sorted into folders by project, incident type, or other criteria, and can be shared with other users either as saved or as unsaved search queries.

Telemetry storage is one of the key components of a modern EDR solution. Its flexible and convenient search capability directly affects the speed of investigation and decision-making by the SOC. The latest BI.ZONE EDR update offers enhanced event management capabilities. The ability to save search queries and sort them into folders helps standardize the approach to incident investigation and save time.
Teymur Kheirkhabarov
Head of Cyber Threat Monitoring, Response and Research

The BI.ZONE EDR agent for macOS introduces a new feature to monitor operations with inventory data and track changes to critical OS objects. Users now have access to information about inventory operations and about which specific changes were made to OS objects. The new version also further enhances autonomous response: in addition to the built-in response functions, users can create custom scripts to run any command and retrieve its output, so response actions are no longer limited to the built-in set. The previous release of BI.ZONE EDR introduced the same capability for Linux.

Furthermore, the new macOS module is compatible with the Podman container engine, offering greater opportunities for managing and analyzing events in a containerized environment. Users and administrators now have more events to work with, such as the starting and stopping of a container and the inventory of started and stopped containers. This facilitates wider use of modern containerization solutions and increases the transparency of what is happening in developer environments running Podman.

With the latest upgrade, BI.ZONE EDR now supports three container engines: Docker, containerd, and Podman.

A notable addition is the ability to automatically delete EDR agents that have remained inactive for a specified amount of time. This keeps agent information on the server up to date and simplifies administration.

Other major improvements include new telemetry events and enrichment scenarios, all delivered through a more user-friendly UI.