{"id":34033,"date":"2024-07-30T05:27:04","date_gmt":"2024-07-30T05:27:04","guid":{"rendered":"https:\/\/kalilinuxtutorials.com\/?p=34033"},"modified":"2024-07-30T05:27:06","modified_gmt":"2024-07-30T05:27:06","slug":"edr-telemetry","status":"publish","type":"post","link":"https:\/\/kalilinuxtutorials.com\/edr-telemetry\/","title":{"rendered":"EDR Telemetry – Capabilities Of Products A Comparative Analysis"},"content":{"rendered":"\n

This repo provides a list of\u00a0telemetry features\u00a0from EDR products and other endpoint agents such as\u00a0Sysmon<\/a>\u00a0broken down by category. <\/p>\n\n\n\n

The main motivation behind this project is to enable security practitioners to compare and evaluate the telemetry potential from those tools while encouraging EDR vendors to be more transparent about the telemetry features they do provide to their users and customers.<\/p>\n\n\n\n

Besides compliance, investigations and forensics benefits, rich log telemetry empowers cyber defense teams to develop custom hunting, detection and analytics capabilities tailored to their needs.<\/p>\n\n\n\n

Read details about this project in the initial release blog post\u00a0here<\/a>.<\/p>\n\n\n\n

Telemetry Definition<\/strong><\/a><\/h2>\n\n\n\n

There are many types of\u00a0telemetry<\/em>\u00a0when it comes to Security Instrumentation. <\/p>\n\n\n\n

Here we focus on agents or sensors generating telemetry in the form of\u00a0log data, regardless of the format (json, key-value, csv), as long as the data is automatically generated and transmitted or streamed in near real-time.<\/p>\n\n\n\n

FAQ & Contributions<\/strong><\/a><\/h2>\n\n\n\n

Please check our\u00a0FAQ<\/a>\u00a0page to know more and feel free to get in contact in case you cannot find an answer there.<\/p>\n\n\n\n

In case you ware willing to contribute, please check the\u00a0Contributions<\/a>\u00a0page.<\/p>\n\n\n\n

\n


The telemetry of the EDR products below could improve with time. The\u00a0last_updated<\/code>\u00a0field is the last time the data sources have been updated. <\/p>\n\n\n\n

This might NOT always be up to date with the current telemetry capabilities of each product.<\/p>\n<\/div><\/div>\n\n\n\n

Telemetry Comparison Table<\/strong><\/a><\/h2>\n\n\n\n
\n


The data below do not represent the capability of each of the EDR products to detect or prevent a threat. <\/p>\n\n\n\n

This is ONLY a comparison regarding the available telemetry for each product. <\/p>\n\n\n\n

Some products, such as Elastic EDR, make additional telemetry available in free or paid modules. <\/p>\n\n\n\n

Add-on modules, as well as signals, will not be taken into consideration for this project. Please read more about this on our FAQ page\u00a0here<\/a>.<\/p>\n<\/div><\/div>\n\n\n\n

EDR Evaluation And Scoring Script<\/strong><\/a><\/h2>\n\n\n\n

This script evaluates and scores Endpoint Detection and Response (EDR) Solutions based on their capabilities. <\/p>\n\n\n\n

It reads data from the main JSON file (EDR_telem.json<\/code>), which contains information about various EDRs and their features. <\/p>\n\n\n\n

The script then calculates a score for each EDR based on the presence and absence of certain features, as well as the category of the feature.<\/p>\n\n\n\n

Scoring Logic<\/strong><\/a><\/h2>\n\n\n\n