Oftentimes the most crucial insight into any environment comes from the endpoints—the systems that are being interactively used or providing services to the environment. Given the wealth of artifacts that can be collected from endpoints, they are excellent resources for providing a comprehensive view into the activities of users and active attackers. In this paper—the second in a two-part series—we continue our examination of the Fidelis Elevate1 platform, with a specific focus on the endpoint portion: Fidelis Endpoint. While technically part of, and accessible from the CommandPost interface, Fidelis Endpoint provides a unique platform for monitoring endpoints, tracking behaviors and threat hunting, to name only a few of its many capabilities. As we examine the overall Fidelis Elevate platform, you can expect to see mentions of how the technologies discussed in the first part of this two-part series2 —including deception—can be incorporated into Endpoint analysis