Radegast EDR
Getting Started
Radegast EDR — Backend
Features
Deployment
Quick Start
Local Development
Prerequisites
Installation
Running the Backend
Configuration
User Guides
Platform Overview
Why Radegast EDR?
Perfect for Smaller-Scale Deployments
Core Components
Dashboard
Alerts & Logs
Devices
Teams & Groups
Detection Packs
Exclusions
How It Works
Security Model
Use Cases
Threat Detection
Incident Response
Security Operations
Getting Started
Device Installation
Feature Overview
Step-by-Step Guide
Prerequisites
Linux Installation
Windows Installation
Automatic Installation (Recommended)
Post-Installation Steps
Tips & Validations
Troubleshooting
Agent fails to start
Agent starts but can’t connect
Device shows as offline in Console
High CPU or Memory usage
Logs aren’t appearing in Console
“Invalid token” error
Installation script fails
Managing Devices
Feature Overview
What Value Does This Feature Add?
Step-by-Step Guide
Accessing the Devices Page
Understanding the Devices List
Adding a New Device
Prerequisites
Steps
Installing the Agent on a Device
Viewing Device Details
Editing a Device
Renaming a Device
Changing Device Groups
Reinstalling a Device (Generating New Token)
Deleting a Device
Managing Device Group Membership
Adding to a Group
Removing from a Group
Tips & Validations
Troubleshooting
Device shows as offline
Can’t create a device
Can’t see any devices
Can’t delete a device
Token doesn’t work
Device shows wrong version
Device Groups
Feature Overview
What Value Does This Feature Add?
Step-by-Step Guide
Accessing Device Groups
Understanding the Groups List
Creating a New Device Group
Steps
Viewing Group Details
Adding Devices to a Group
During Device Creation
Adding Existing Devices
Removing Devices from a Group
Managing Group Ownership (Teams)
Adding a Team to a Group
Removing a Team from a Group
Renaming a Group
Deleting a Group
Tips & Validations
Troubleshooting
Can’t create a group
Can’t see any groups
Can’t add a device to a group
Can’t remove a device from a group
Can’t add a team to a group
Can’t delete a group
Group not showing up for team members
Teams Management
Feature Overview
What Value Does This Feature Add?
Step-by-Step Guide
Accessing Teams
Understanding Teams List
Creating a New Team
Steps
Viewing Team Details
Managing Team Members
Adding a Member
Removing a Member
Editing a Team
Managing Team Permissions
Pack Permission
Invite Permission
Admin Permission
Logs Permission
Team Hierarchy (Managing Teams)
Deleting a Team
Tips & Validations
Troubleshooting
Can’t create a team
Can’t see any teams
Can’t add a member to a team
Can’t edit a team
Team members can’t see devices
Can’t delete a team
Detection Packs
Feature Overview
What Value Does This Feature Add?
Step-by-Step Guide
Accessing Packs
Understanding the Packs List
Creating a New Detection Pack
Steps
Uploading Pack Content
Viewing Pack Details
Downloading Pack Content
Editing Pack Metadata
Managing Team Access
Adding Teams to a Pack
Removing Teams from a Pack
Deleting a Pack
Enabling/Disabling Packs for Devices
Tips & Validations
Troubleshooting
Can’t create a pack
Can’t upload pack content
Can’t see any packs
Can’t download a pack
Pack not working on devices
Can’t delete a pack
Some alerts functionality requires Extended EDR
Exclusions
Feature Overview
What Value Does This Feature Add?
Step-by-Step Guide
Accessing Exclusions
Understanding the Exclusions List
Creating a New Exclusion
Steps
JSONata Query Basics
Simple Field Matching
Pattern Matching
Multiple Conditions
Nested Field Access
Testing Your Query
Viewing Exclusion Details
Editing an Exclusion
Deleting an Exclusion
Bulk Exclusion Management
Tips & Validations
Troubleshooting
Can’t create an exclusion
Exclusion not working
Can’t see any exclusions
Can’t delete an exclusion
Too many events being excluded
Events that should be excluded aren’t
Alerts Dashboard
Feature Overview
What Value Does This Feature Add?
Step-by-Step Guide
Accessing the Alerts Dashboard
Understanding the Dashboard Layout
Viewing Alert Details
Triage Actions
Mark as Read
Set Resolution
Add Triage Notes
Advanced Filtering
By Time Range
By Severity
By Search Query
By Device/Group
Bulk Actions
Mark All as Seen
Working with Encrypted Alerts
Keyboard Shortcuts
Tips & Validations
Troubleshooting
I don’t see any alerts
Alerts show as encrypted
Alerts aren’t updating
I can’t see alerts from specific devices
Browser notifications aren’t working
Hunt Mode
Feature Overview
What Hunt Mode Provides
Prerequisites
Step-by-Step Guide
Accessing Hunt Mode
Understanding the Hunt Interface
Creating a Basic Query
Common Query Examples
Viewing Results
Working with Encrypted Data
Advanced Querying
JSONata Query Language
Example: Complex Threat Hunting
Example: Lateral Movement Detection
Tips
Troubleshooting
No results returned
Hunt Mode not available
Results are encrypted
Query is slow
JSONata syntax errors
Logs Management
Feature Overview
What Value Does This Feature Add?
Step-by-Step Guide
Accessing Logs
Understanding the Logs View
Viewing Log Details
Searching Logs
Basic Search
Advanced Search
Filtering Logs
By Time Range
By Severity
By Device/Group
By Resolution Status
Sorting Logs
Working with Encrypted Logs
Exporting Logs
Bulk Actions on Logs
Mark Multiple Logs as Seen
Bulk Resolution
Log Retention and Archiving
Viewing Log Statistics
Keyboard Shortcuts for Logs
Tips & Validations
Troubleshooting
No logs showing
Logs show as encrypted
Search not finding expected logs
Slow performance with many logs
Can’t export logs
Log details not loading
Wrong time zone
Logs from wrong devices
Encryption Keys
Feature Overview
What Value Does This Feature Add?
Step-by-Step Guide
Understanding the Encryption Model
Accessing Encryption Keys
Understanding the Keys List
Creating a New Key Pair
First-Time Setup (New User)
Creating Additional Keys
Making a Key Active
Setting a Default Key for Decryption
Viewing Key Details
Deleting a Key Pair
Key Recovery
Option 1: Recovery Key (Recommended)
Option 2: Key Transfer from Another Browser
Generating a Recovery Key
Exporting a Private Key
Tips & Validations
Troubleshooting
No private key found / Can’t decrypt logs
“Private Key Not Found” warning on dashboard
Recovery key doesn’t work
Transfer token doesn’t work
Can’t create a key pair
Logs show as encrypted
Multiple keys causing confusion
API Keys
Feature Overview
What Value Does This Feature Add?
Step-by-Step Guide
Prerequisites
Enabling API Keys for Your Account
Accessing API Keys
Understanding the API Keys List
Creating a New API Key
Using Your API Key
Understanding Scopes
Viewing API Key Usage
Deleting an API Key
Tips & Validations
Troubleshooting
Can’t create API keys
API key not working
“Invalid token” error
Can’t see API Keys option
Requests not working with API key
Key was exposed
Multi-Factor Authentication (MFA)
Feature Overview
What Value Does This Feature Add?
Step-by-Step Guide
Understanding MFA Methods
Setting Up MFA
Step 1: Initial Login
Step 2: Choose MFA Method
Setting Up OTP (Recommended for Most Users)
Setting Up Hardware Security Token
Setting Up WebAuthn
Using Multiple MFA Methods
Logging In with MFA
Managing Your MFA Methods
Removing an MFA Method
Recovering MFA Access
Admin: Managing User MFA Requirements
Tips & Validations
Troubleshooting
MFA not working
“MFA Required” but I can’t set it up
OTP code not accepted
Hardware token not detected
WebAuthn not available
“MFA setup missing” warning
Locked out of account
Can’t remove my only MFA method
Hardware token not working on mobile
Notifications
Feature Overview
How Notifications Work
Step-by-Step Guide
Accessing Notification Settings
Configuring Email Notifications
Notification Content
Managing Notification Preferences
Email Delivery and Behavior
Tips
Troubleshooting
Not receiving email notifications
Getting too many notifications
Notifications are delayed
Notification content is incomplete
User Settings
Feature Overview
Accessing Settings
Settings Sections
Profile Settings
Security Settings
Changing Your Password
Managing API Keys
Notification Settings
Encryption Keys Management
Key Types
Viewing Your Keys
Adding a New Key Pair
Recovery Key Information
Deleting Keys
Key Transfer
Extended EDR Mode
Enabling Extended EDR Mode
API Keys Support
Enabling API Keys
MFA Settings
Tips
Troubleshooting
Settings not saving
Changed email but can’t log in
Password change not working
User Administration (Admin)
Feature Overview
What Value Does This Feature Add?
Step-by-Step Guide
Accessing the Admin Panel
Understanding the Admin Dashboard
Managing Users
Viewing All Users
Understanding User Roles
Viewing User Details
Resetting a User’s Password
Deleting a User
Managing All Devices
Viewing All Devices
Deleting a Device
Managing All Packs
Viewing All Packs
Deleting a Pack
User MFA Status
Tips & Validations
Troubleshooting
Can’t access Admin panel
Can’t see all users/devices/packs
Can’t reset user password
Can’t delete a user/device/pack
User can’t log in after password reset