Abstract:
To further improve its network security monitoring capabilities, the State Grid Corporation of China set the work goal of full collection of asset and behavior data. It applied endpoint detection and response technology, reconstructed the architecture of the original endpoint agent, formulated new endpoint system information collection specifications, and achieved breakthroughs in key technologies such as endpoint system information collection, system event subscription, and system resource consumption monitoring and throttling. A new endpoint agent product was then developed. Experimental verification shows that the performance and system resource usage of the reconfigured endpoint agent meet the requirements for improved monitoring capability. Finally, the application prospects of the endpoint agent and of endpoint detection and response technology in power monitoring systems are discussed.