From 409f2165642e0d5027dae8fe56498313a3381e5d Mon Sep 17 00:00:00 2001
From: Kostas
Date: Mon, 16 Dec 2024 22:07:22 -0800
Subject: [PATCH] No code changes made.
---
EDR_telem.json | 1168 ++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 1168 insertions(+)
create mode 100644 EDR_telem.json
diff --git a/EDR_telem.json b/EDR_telem.json
new file mode 100644
index 0000000..2f0a66a
--- /dev/null
+++ b/EDR_telem.json
@@ -0,0 +1,1168 @@
+[
+ {
+ "Telemetry Feature Category":"Process Activity",
+ "Sub-Category":"Process Creation",
+ "Carbon Black":"Yes",
+ "Cortex XDR":"Yes",
+ "CrowdStrike":"Yes",
+ "Cybereason":"Yes",
+ "ESET Inspect":"Yes",
+ "Elastic":"Yes",
+ "FortiEDR":"Yes",
+ "Harfanglab":"Yes",
+ "LimaCharlie":"Yes",
+ "MDE":"Yes",
+ "Qualys":"Yes",
+ "SentinelOne":"Yes",
+ "Symantec SES Complete":"Yes",
+ "Sysmon":"Yes",
+ "Trellix":"Yes",
+ "Trend Micro":"Yes",
+ "Uptycs":"Yes",
+ "WatchGuard":"Yes"
+ },
+ {
+ "Telemetry Feature Category":null,
+ "Sub-Category":"Process Termination",
+ "Carbon Black":"Partially",
+ "Cortex XDR":"Yes",
+ "CrowdStrike":"Yes",
+ "Cybereason":"Yes",
+ "ESET Inspect":"Yes",
+ "Elastic":"Yes",
+ "FortiEDR":"Via EnablingTelemetry",
+ "Harfanglab":"No",
+ "LimaCharlie":"Yes",
+ "MDE":"Yes",
+ "Qualys":"Yes",
+ "SentinelOne":"No",
+ "Symantec SES Complete":"Yes",
+ "Sysmon":"Yes",
+ "Trellix":"No",
+ "Trend Micro":"Via EnablingTelemetry",
+ "Uptycs":"No",
+ "WatchGuard":"No"
+ },
+ {
+ "Telemetry Feature Category":null,
+ "Sub-Category":"Process Access",
+ "Carbon Black":"Yes",
+ "Cortex XDR":"Yes",
+ "CrowdStrike":"Yes",
+ "Cybereason":"Yes",
+ "ESET Inspect":"Partially",
+ "Elastic":"Yes",
+ "FortiEDR":"No",
+ "Harfanglab":"Yes",
+ "LimaCharlie":"Yes",
+ "MDE":"Yes",
+ "Qualys":"Yes",
+ "SentinelOne":"Yes",
+ "Symantec SES Complete":"Yes",
+ "Sysmon":"Yes",
+ "Trellix":"Yes",
+ "Trend Micro":"Yes",
+ "Uptycs":"No",
+ "WatchGuard":"No"
+ },
+ {
+ "Telemetry Feature Category":null,
+ "Sub-Category":"Image\/Library Loaded",
+ "Carbon Black":"Yes",
+ "Cortex XDR":"Yes",
+ "CrowdStrike":"Yes",
+ "Cybereason":"Yes",
+ "ESET Inspect":"Yes",
+ "Elastic":"Yes",
+ "FortiEDR":"Via EnablingTelemetry",
+ "Harfanglab":"Yes",
+ "LimaCharlie":"Yes",
+ "MDE":"Yes",
+ "Qualys":"Yes",
+ "SentinelOne":"Yes",
+ "Symantec SES Complete":"Yes",
+ "Sysmon":"Yes",
+ "Trellix":"Yes",
+ "Trend Micro":"Yes",
+ "Uptycs":"Yes",
+ "WatchGuard":"Yes"
+ },
+ {
+ "Telemetry Feature Category":null,
+ "Sub-Category":"Remote Thread Creation",
+ "Carbon Black":"Yes",
+ "Cortex XDR":"Yes",
+ "CrowdStrike":"Yes",
+ "Cybereason":"Yes",
+ "ESET Inspect":"Yes",
+ "Elastic":"Yes",
+ "FortiEDR":"No",
+ "Harfanglab":"Yes",
+ "LimaCharlie":"Yes",
+ "MDE":"Yes",
+ "Qualys":"Yes",
+ "SentinelOne":"Yes",
+ "Symantec SES Complete":"No",
+ "Sysmon":"Yes",
+ "Trellix":"Yes",
+ "Trend Micro":"Yes",
+ "Uptycs":"Yes",
+ "WatchGuard":"Yes"
+ },
+ {
+ "Telemetry Feature Category":null,
+ "Sub-Category":"Process Tampering Activity",
+ "Carbon Black":"Partially",
+ "Cortex XDR":"Partially",
+ "CrowdStrike":"Yes",
+ "Cybereason":"Pending Response",
+ "ESET Inspect":"No",
+ "Elastic":"Yes",
+ "FortiEDR":"No",
+ "Harfanglab":"Yes",
+ "LimaCharlie":"Yes",
+ "MDE":"Yes",
+ "Qualys":"No",
+ "SentinelOne":"Partially",
+ "Symantec SES Complete":"Yes",
+ "Sysmon":"Yes",
+ "Trellix":"Yes",
+ "Trend Micro":"Yes",
+ "Uptycs":"Yes",
+ "WatchGuard":"No"
+ },
+ {
+ "Telemetry Feature Category":"File Manipulation",
+ "Sub-Category":"File Creation",
+ "Carbon Black":"Yes",
+ "Cortex XDR":"Yes",
+ "CrowdStrike":"Yes",
+ "Cybereason":"Yes",
+ "ESET Inspect":"Partially",
+ "Elastic":"Yes",
+ "FortiEDR":"Yes",
+ "Harfanglab":"Yes",
+ "LimaCharlie":"Yes",
+ "MDE":"Yes",
+ "Qualys":"Yes",
+ "SentinelOne":"Yes",
+ "Symantec SES Complete":"Yes",
+ "Sysmon":"Yes",
+ "Trellix":"Yes",
+ "Trend Micro":"Yes",
+ "Uptycs":"Yes",
+ "WatchGuard":"Partially"
+ },
+ {
+ "Telemetry Feature Category":null,
+ "Sub-Category":"File Opened",
+ "Carbon Black":"Yes",
+ "Cortex XDR":"No",
+ "CrowdStrike":"Partially",
+ "Cybereason":"No",
+ "ESET Inspect":"No",
+ "Elastic":"Yes",
+ "FortiEDR":"Via EnablingTelemetry",
+ "Harfanglab":"Yes",
+ "LimaCharlie":"Partially",
+ "MDE":"No",
+ "Qualys":"Yes",
+ "SentinelOne":"No",
+ "Symantec SES Complete":"Yes",
+ "Sysmon":"No",
+ "Trellix":"Yes",
+ "Trend Micro":"Via EnablingTelemetry",
+ "Uptycs":"Yes",
+ "WatchGuard":"Partially"
+ },
+ {
+ "Telemetry Feature Category":null,
+ "Sub-Category":"File Deletion",
+ "Carbon Black":"Yes",
+ "Cortex XDR":"Yes",
+ "CrowdStrike":"Yes",
+ "Cybereason":"Yes",
+ "ESET Inspect":"Yes",
+ "Elastic":"Yes",
+ "FortiEDR":"Via EnablingTelemetry",
+ "Harfanglab":"No",
+ "LimaCharlie":"Yes",
+ "MDE":"Yes",
+ "Qualys":"Yes",
+ "SentinelOne":"Yes",
+ "Symantec SES Complete":"Yes",
+ "Sysmon":"Yes",
+ "Trellix":"Yes",
+ "Trend Micro":"Via EnablingTelemetry",
+ "Uptycs":"Yes",
+ "WatchGuard":"No"
+ },
+ {
+ "Telemetry Feature Category":null,
+ "Sub-Category":"File Modification",
+ "Carbon Black":"Yes",
+ "Cortex XDR":"Yes",
+ "CrowdStrike":"Yes",
+ "Cybereason":"No",
+ "ESET Inspect":"Yes",
+ "Elastic":"Yes",
+ "FortiEDR":"Via EnablingTelemetry",
+ "Harfanglab":"Yes",
+ "LimaCharlie":"Yes",
+ "MDE":"Yes",
+ "Qualys":"No",
+ "SentinelOne":"Yes",
+ "Symantec SES Complete":"Yes",
+ "Sysmon":"No",
+ "Trellix":"Yes",
+ "Trend Micro":"Yes",
+ "Uptycs":"Yes",
+ "WatchGuard":"No"
+ },
+ {
+ "Telemetry Feature Category":null,
+ "Sub-Category":"File Renaming",
+ "Carbon Black":"Yes",
+ "Cortex XDR":"Yes",
+ "CrowdStrike":"Yes",
+ "Cybereason":"Yes",
+ "ESET Inspect":"Yes",
+ "Elastic":"Yes",
+ "FortiEDR":"Via EnablingTelemetry",
+ "Harfanglab":"Yes",
+ "LimaCharlie":"Partially",
+ "MDE":"Yes",
+ "Qualys":"Yes",
+ "SentinelOne":"Yes",
+ "Symantec SES Complete":"Yes",
+ "Sysmon":"No",
+ "Trellix":"Yes",
+ "Trend Micro":"Yes",
+ "Uptycs":"Yes",
+ "WatchGuard":"Partially"
+ },
+ {
+ "Telemetry Feature Category":"User Account Activity",
+ "Sub-Category":"Local Account Creation",
+ "Carbon Black":"No",
+ "Cortex XDR":"Via EventLogs",
+ "CrowdStrike":"Yes",
+ "Cybereason":"No",
+ "ESET Inspect":"Yes",
+ "Elastic":"Via EventLogs",
+ "FortiEDR":"Via EventLogs",
+ "Harfanglab":"Via EventLogs",
+ "LimaCharlie":"Via EventLogs",
+ "MDE":"Yes",
+ "Qualys":"Via EventLogs",
+ "SentinelOne":"Yes",
+ "Symantec SES Complete":"No",
+ "Sysmon":"No",
+ "Trellix":"Yes",
+ "Trend Micro":"Via EventLogs",
+ "Uptycs":"Via EventLogs",
+ "WatchGuard":"No"
+ },
+ {
+ "Telemetry Feature Category":null,
+ "Sub-Category":"Local Account Modification",
+ "Carbon Black":"No",
+ "Cortex XDR":"Via EventLogs",
+ "CrowdStrike":"Partially",
+ "Cybereason":"No",
+ "ESET Inspect":"Yes",
+ "Elastic":"Via EventLogs",
+ "FortiEDR":"Via EventLogs",
+ "Harfanglab":"Via EventLogs",
+ "LimaCharlie":"Via EventLogs",
+ "MDE":"Yes",
+ "Qualys":"Via EventLogs",
+ "SentinelOne":"Via EventLogs",
+ "Symantec SES Complete":"No",
+ "Sysmon":"No",
+ "Trellix":"Yes",
+ "Trend Micro":"Via EventLogs",
+ "Uptycs":"Via EventLogs",
+ "WatchGuard":"No"
+ },
+ {
+ "Telemetry Feature Category":null,
+ "Sub-Category":"Local Account Deletion",
+ "Carbon Black":"No",
+ "Cortex XDR":"Via EventLogs",
+ "CrowdStrike":"Yes",
+ "Cybereason":"No",
+ "ESET Inspect":"Yes",
+ "Elastic":"Via EventLogs",
+ "FortiEDR":"Via EventLogs",
+ "Harfanglab":"Via EventLogs",
+ "LimaCharlie":"Via EventLogs",
+ "MDE":"Yes",
+ "Qualys":"Via EventLogs",
+ "SentinelOne":"Via EventLogs",
+ "Symantec SES Complete":"No",
+ "Sysmon":"No",
+ "Trellix":"Yes",
+ "Trend Micro":"Via EnablingTelemetry",
+ "Uptycs":"Via EventLogs",
+ "WatchGuard":"No"
+ },
+ {
+ "Telemetry Feature Category":null,
+ "Sub-Category":"Account Login",
+ "Carbon Black":"Via EventLogs",
+ "Cortex XDR":"Yes",
+ "CrowdStrike":"Yes",
+ "Cybereason":"Yes",
+ "ESET Inspect":"Yes",
+ "Elastic":"Yes",
+ "FortiEDR":"Via EventLogs",
+ "Harfanglab":"Yes",
+ "LimaCharlie":"Partially",
+ "MDE":"Yes",
+ "Qualys":"Via EventLogs",
+ "SentinelOne":"Yes",
+ "Symantec SES Complete":"Yes",
+ "Sysmon":"No",
+ "Trellix":"Yes",
+ "Trend Micro":"Via EventLogs",
+ "Uptycs":"Yes",
+ "WatchGuard":"Yes"
+ },
+ {
+ "Telemetry Feature Category":null,
+ "Sub-Category":"Account Logoff",
+ "Carbon Black":"Via EventLogs",
+ "Cortex XDR":"Yes",
+ "CrowdStrike":"Yes",
+ "Cybereason":"Yes",
+ "ESET Inspect":"Yes",
+ "Elastic":"Yes",
+ "FortiEDR":"Via EventLogs",
+ "Harfanglab":"Yes",
+ "LimaCharlie":"Via EventLogs",
+ "MDE":"No",
+ "Qualys":"Via EventLogs",
+ "SentinelOne":"Yes",
+ "Symantec SES Complete":"Yes",
+ "Sysmon":"No",
+ "Trellix":"Yes",
+ "Trend Micro":"Via EventLogs",
+ "Uptycs":"Yes",
+ "WatchGuard":"Yes"
+ },
+ {
+ "Telemetry Feature Category":"Network Activity",
+ "Sub-Category":"TCP Connection",
+ "Carbon Black":"Yes",
+ "Cortex XDR":"Yes",
+ "CrowdStrike":"Yes",
+ "Cybereason":"Yes",
+ "ESET Inspect":"Yes",
+ "Elastic":"Yes",
+ "FortiEDR":"Yes",
+ "Harfanglab":"Yes",
+ "LimaCharlie":"Yes",
+ "MDE":"Yes",
+ "Qualys":"Yes",
+ "SentinelOne":"Yes",
+ "Symantec SES Complete":"Via EnablingTelemetry",
+ "Sysmon":"Yes",
+ "Trellix":"Yes",
+ "Trend Micro":"Yes",
+ "Uptycs":"Yes",
+ "WatchGuard":"Yes"
+ },
+ {
+ "Telemetry Feature Category":null,
+ "Sub-Category":"UDP Connection",
+ "Carbon Black":"Yes",
+ "Cortex XDR":"Yes",
+ "CrowdStrike":"Yes",
+ "Cybereason":"Yes",
+ "ESET Inspect":"No",
+ "Elastic":"Yes",
+ "FortiEDR":"Yes",
+ "Harfanglab":"Via EventLogs",
+ "LimaCharlie":"Yes",
+ "MDE":"Yes",
+ "Qualys":"Yes",
+ "SentinelOne":"No",
+ "Symantec SES Complete":"Via EnablingTelemetry",
+ "Sysmon":"Yes",
+ "Trellix":"Yes",
+ "Trend Micro":"Yes",
+ "Uptycs":"Yes",
+ "WatchGuard":"Yes"
+ },
+ {
+ "Telemetry Feature Category":null,
+ "Sub-Category":"URL",
+ "Carbon Black":"No",
+ "Cortex XDR":"No",
+ "CrowdStrike":"Yes",
+ "Cybereason":"No",
+ "ESET Inspect":"Yes",
+ "Elastic":"Partially",
+ "FortiEDR":"No",
+ "Harfanglab":"Yes",
+ "LimaCharlie":"No",
+ "MDE":"Yes",
+ "Qualys":"Yes",
+ "SentinelOne":"Via EnablingTelemetry",
+ "Symantec SES Complete":"Partially",
+ "Sysmon":"No",
+ "Trellix":"Yes",
+ "Trend Micro":"No",
+ "Uptycs":"Yes",
+ "WatchGuard":"Partially"
+ },
+ {
+ "Telemetry Feature Category":null,
+ "Sub-Category":"DNS Query",
+ "Carbon Black":"Yes",
+ "Cortex XDR":"Yes",
+ "CrowdStrike":"Yes",
+ "Cybereason":"Yes",
+ "ESET Inspect":"Yes",
+ "Elastic":"Yes",
+ "FortiEDR":"Via EnablingTelemetry",
+ "Harfanglab":"Yes",
+ "LimaCharlie":"Yes",
+ "MDE":"Yes",
+ "Qualys":"Yes",
+ "SentinelOne":"Yes",
+ "Symantec SES Complete":"No",
+ "Sysmon":"Yes",
+ "Trellix":"Yes",
+ "Trend Micro":"Yes",
+ "Uptycs":"Yes",
+ "WatchGuard":"Yes"
+ },
+ {
+ "Telemetry Feature Category":null,
+ "Sub-Category":"File Downloaded",
+ "Carbon Black":"No",
+ "Cortex XDR":"No",
+ "CrowdStrike":"Yes",
+ "Cybereason":"Partially",
+ "ESET Inspect":"Partially",
+ "Elastic":"No",
+ "FortiEDR":"No",
+ "Harfanglab":"No",
+ "LimaCharlie":"Partially",
+ "MDE":"Yes",
+ "Qualys":"No",
+ "SentinelOne":"No",
+ "Symantec SES Complete":"No",
+ "Sysmon":"No",
+ "Trellix":"No",
+ "Trend Micro":"Yes",
+ "Uptycs":"Partially",
+ "WatchGuard":"Yes"
+ },
+ {
+ "Telemetry Feature Category":"Hash Algorithms",
+ "Sub-Category":"MD5",
+ "Carbon Black":"Yes",
+ "Cortex XDR":"Yes",
+ "CrowdStrike":"Yes",
+ "Cybereason":"Yes",
+ "ESET Inspect":"Yes",
+ "Elastic":"Yes",
+ "FortiEDR":"Yes",
+ "Harfanglab":"Yes",
+ "LimaCharlie":"Yes",
+ "MDE":"Yes",
+ "Qualys":"Yes",
+ "SentinelOne":"Yes",
+ "Symantec SES Complete":"Yes",
+ "Sysmon":"Yes",
+ "Trellix":"Yes",
+ "Trend Micro":"Yes",
+ "Uptycs":"Yes",
+ "WatchGuard":"Yes"
+ },
+ {
+ "Telemetry Feature Category":null,
+ "Sub-Category":"SHA",
+ "Carbon Black":"Yes",
+ "Cortex XDR":"Yes",
+ "CrowdStrike":"Yes",
+ "Cybereason":"Yes",
+ "ESET Inspect":"Yes",
+ "Elastic":"Yes",
+ "FortiEDR":"Yes",
+ "Harfanglab":"Yes",
+ "LimaCharlie":"Yes",
+ "MDE":"Yes",
+ "Qualys":"Yes",
+ "SentinelOne":"Yes",
+ "Symantec SES Complete":"Yes",
+ "Sysmon":"Yes",
+ "Trellix":"Yes",
+ "Trend Micro":"Yes",
+ "Uptycs":"Yes",
+ "WatchGuard":"No"
+ },
+ {
+ "Telemetry Feature Category":null,
+ "Sub-Category":"IMPHASH",
+ "Carbon Black":"No",
+ "Cortex XDR":"No",
+ "CrowdStrike":"No",
+ "Cybereason":"No",
+ "ESET Inspect":"No",
+ "Elastic":"Partially",
+ "FortiEDR":"No",
+ "Harfanglab":"Yes",
+ "LimaCharlie":"No",
+ "MDE":"No",
+ "Qualys":"No",
+ "SentinelOne":"No",
+ "Symantec SES Complete":"No",
+ "Sysmon":"Yes",
+ "Trellix":"No",
+ "Trend Micro":"No",
+ "Uptycs":"No",
+ "WatchGuard":"No"
+ },
+ {
+ "Telemetry Feature Category":"Registry Activity",
+ "Sub-Category":"Key\/Value Creation",
+ "Carbon Black":"Yes",
+ "Cortex XDR":"Yes",
+ "CrowdStrike":"Partially",
+ "Cybereason":"Partially",
+ "ESET Inspect":"Yes",
+ "Elastic":"Yes",
+ "FortiEDR":"Via EnablingTelemetry",
+ "Harfanglab":"Yes",
+ "LimaCharlie":"Yes",
+ "MDE":"Yes",
+ "Qualys":"Yes",
+ "SentinelOne":"Yes",
+ "Symantec SES Complete":"Yes",
+ "Sysmon":"Yes",
+ "Trellix":"Yes",
+ "Trend Micro":"Yes",
+ "Uptycs":"Yes",
+ "WatchGuard":"Yes"
+ },
+ {
+ "Telemetry Feature Category":null,
+ "Sub-Category":"Key\/Value Modification",
+ "Carbon Black":"Yes",
+ "Cortex XDR":"Yes",
+ "CrowdStrike":"Partially",
+ "Cybereason":"Partially",
+ "ESET Inspect":"Yes",
+ "Elastic":"Yes",
+ "FortiEDR":"Via EnablingTelemetry",
+ "Harfanglab":"Yes",
+ "LimaCharlie":"Yes",
+ "MDE":"Yes",
+ "Qualys":"No",
+ "SentinelOne":"Yes",
+ "Symantec SES Complete":"Yes",
+ "Sysmon":"Yes",
+ "Trellix":"Yes",
+ "Trend Micro":"Yes",
+ "Uptycs":"Yes",
+ "WatchGuard":"Yes"
+ },
+ {
+ "Telemetry Feature Category":null,
+ "Sub-Category":"Key\/Value Deletion",
+ "Carbon Black":"Yes",
+ "Cortex XDR":"Yes",
+ "CrowdStrike":"No",
+ "Cybereason":"Partially",
+ "ESET Inspect":"Yes",
+ "Elastic":"Yes",
+ "FortiEDR":"Via EnablingTelemetry",
+ "Harfanglab":"Yes",
+ "LimaCharlie":"Yes",
+ "MDE":"Yes",
+ "Qualys":"Yes",
+ "SentinelOne":"Yes",
+ "Symantec SES Complete":"Yes",
+ "Sysmon":"Yes",
+ "Trellix":"Yes",
+ "Trend Micro":"Yes",
+ "Uptycs":"Yes",
+ "WatchGuard":"Yes"
+ },
+ {
+ "Telemetry Feature Category":"Schedule Task Activity",
+ "Sub-Category":"Scheduled Task Creation",
+ "Carbon Black":"No",
+ "Cortex XDR":"Via EventLogs",
+ "CrowdStrike":"Yes",
+ "Cybereason":"Yes",
+ "ESET Inspect":"Yes",
+ "Elastic":"Via EventLogs",
+ "FortiEDR":"Via EventLogs",
+ "Harfanglab":"Via EventLogs",
+ "LimaCharlie":"Via EventLogs",
+ "MDE":"Yes",
+ "Qualys":"Via EventLogs",
+ "SentinelOne":"Yes",
+ "Symantec SES Complete":"No",
+ "Sysmon":"No",
+ "Trellix":"No",
+ "Trend Micro":"Via EventLogs",
+ "Uptycs":"Via EventLogs",
+ "WatchGuard":"No"
+ },
+ {
+ "Telemetry Feature Category":null,
+ "Sub-Category":"Scheduled Task Modification",
+ "Carbon Black":"No",
+ "Cortex XDR":"Via EventLogs",
+ "CrowdStrike":"Yes",
+ "Cybereason":"Yes",
+ "ESET Inspect":"No",
+ "Elastic":"Via EventLogs",
+ "FortiEDR":"Via EventLogs",
+ "Harfanglab":"Via EventLogs",
+ "LimaCharlie":"Via EventLogs",
+ "MDE":"Yes",
+ "Qualys":"Via EventLogs",
+ "SentinelOne":"Yes",
+ "Symantec SES Complete":"No",
+ "Sysmon":"No",
+ "Trellix":"Yes",
+ "Trend Micro":"Via EventLogs",
+ "Uptycs":"Via EventLogs",
+ "WatchGuard":"No"
+ },
+ {
+ "Telemetry Feature Category":null,
+ "Sub-Category":"Scheduled Task Deletion",
+ "Carbon Black":"No",
+ "Cortex XDR":"Via EventLogs",
+ "CrowdStrike":"Yes",
+ "Cybereason":"No",
+ "ESET Inspect":"No",
+ "Elastic":"Via EventLogs",
+ "FortiEDR":"Via EventLogs",
+ "Harfanglab":"Via EventLogs",
+ "LimaCharlie":"Via EventLogs",
+ "MDE":"Yes",
+ "Qualys":"Via EventLogs",
+ "SentinelOne":"Yes",
+ "Symantec SES Complete":"No",
+ "Sysmon":"No",
+ "Trellix":"No",
+ "Trend Micro":"Via EventLogs",
+ "Uptycs":"Via EventLogs",
+ "WatchGuard":"No"
+ },
+ {
+ "Telemetry Feature Category":"Service Activity",
+ "Sub-Category":"Service Creation",
+ "Carbon Black":"Partially",
+ "Cortex XDR":"Via EventLogs",
+ "CrowdStrike":"Yes",
+ "Cybereason":"Yes",
+ "ESET Inspect":"Yes",
+ "Elastic":"Via EventLogs",
+ "FortiEDR":"Via EventLogs",
+ "Harfanglab":"Via EventLogs",
+ "LimaCharlie":"Yes",
+ "MDE":"Via EventLogs",
+ "Qualys":"Yes",
+ "SentinelOne":"Yes",
+ "Symantec SES Complete":"No",
+ "Sysmon":"No",
+ "Trellix":"No",
+ "Trend Micro":"Via EventLogs",
+ "Uptycs":"Yes",
+ "WatchGuard":"Partially"
+ },
+ {
+ "Telemetry Feature Category":null,
+ "Sub-Category":"Service Modification",
+ "Carbon Black":"No",
+ "Cortex XDR":"Via EventLogs",
+ "CrowdStrike":"Partially",
+ "Cybereason":"No",
+ "ESET Inspect":"No",
+ "Elastic":"Via EventLogs",
+ "FortiEDR":"Via EventLogs",
+ "Harfanglab":"Via EventLogs",
+ "LimaCharlie":"Yes",
+ "MDE":"No",
+ "Qualys":"Yes",
+ "SentinelOne":"Via EnablingTelemetry",
+ "Symantec SES Complete":"No",
+ "Sysmon":"No",
+ "Trellix":"Yes",
+ "Trend Micro":"Via EventLogs",
+ "Uptycs":"Yes",
+ "WatchGuard":"Partially"
+ },
+ {
+ "Telemetry Feature Category":null,
+ "Sub-Category":"Service Deletion",
+ "Carbon Black":"No",
+ "Cortex XDR":"No",
+ "CrowdStrike":"No",
+ "Cybereason":"No",
+ "ESET Inspect":"No",
+ "Elastic":"Via EventLogs",
+ "FortiEDR":"Via EventLogs",
+ "Harfanglab":"No",
+ "LimaCharlie":"Pending Response",
+ "MDE":"No",
+ "Qualys":"No",
+ "SentinelOne":"No",
+ "Symantec SES Complete":"No",
+ "Sysmon":"No",
+ "Trellix":"No",
+ "Trend Micro":"Via EventLogs",
+ "Uptycs":"Yes",
+ "WatchGuard":"No"
+ },
+ {
+ "Telemetry Feature Category":"Driver\/Module Activity",
+ "Sub-Category":"Driver Loaded",
+ "Carbon Black":"No",
+ "Cortex XDR":"Yes",
+ "CrowdStrike":"Yes",
+ "Cybereason":"Yes",
+ "ESET Inspect":"Yes",
+ "Elastic":"Yes",
+ "FortiEDR":"Via EnablingTelemetry",
+ "Harfanglab":"Yes",
+ "LimaCharlie":"Yes",
+ "MDE":"Yes",
+ "Qualys":"Yes",
+ "SentinelOne":"Yes",
+ "Symantec SES Complete":"No",
+ "Sysmon":"Yes",
+ "Trellix":"No",
+ "Trend Micro":"Via EnablingTelemetry",
+ "Uptycs":"Via EventLogs",
+ "WatchGuard":"No"
+ },
+ {
+ "Telemetry Feature Category":null,
+ "Sub-Category":"Driver Modification",
+ "Carbon Black":"No",
+ "Cortex XDR":"No",
+ "CrowdStrike":"Yes",
+ "Cybereason":"No",
+ "ESET Inspect":"No",
+ "Elastic":"No",
+ "FortiEDR":"No",
+ "Harfanglab":"No",
+ "LimaCharlie":"Yes",
+ "MDE":"No",
+ "Qualys":"Yes",
+ "SentinelOne":"No",
+ "Symantec SES Complete":"No",
+ "Sysmon":"No",
+ "Trellix":"No",
+ "Trend Micro":"No",
+ "Uptycs":"Yes",
+ "WatchGuard":"No"
+ },
+ {
+ "Telemetry Feature Category":null,
+ "Sub-Category":"Driver Unloaded",
+ "Carbon Black":"No",
+ "Cortex XDR":"No",
+ "CrowdStrike":"No",
+ "Cybereason":"No",
+ "ESET Inspect":"No",
+ "Elastic":"No",
+ "FortiEDR":"No",
+ "Harfanglab":"No",
+ "LimaCharlie":"No",
+ "MDE":"No",
+ "Qualys":"No",
+ "SentinelOne":"Partially",
+ "Symantec SES Complete":"No",
+ "Sysmon":"No",
+ "Trellix":"No",
+ "Trend Micro":"No",
+ "Uptycs":"Via EventLogs",
+ "WatchGuard":"No"
+ },
+ {
+ "Telemetry Feature Category":"Device Operations",
+ "Sub-Category":"Virtual Disk Mount",
+ "Carbon Black":"No",
+ "Cortex XDR":"Partially",
+ "CrowdStrike":"Yes",
+ "Cybereason":"No",
+ "ESET Inspect":"No",
+ "Elastic":"No",
+ "FortiEDR":"No",
+ "Harfanglab":"No",
+ "LimaCharlie":"Yes",
+ "MDE":"No",
+ "Qualys":"No",
+ "SentinelOne":"No",
+ "Symantec SES Complete":"No",
+ "Sysmon":"No",
+ "Trellix":"No",
+ "Trend Micro":"No",
+ "Uptycs":"Yes",
+ "WatchGuard":"Yes"
+ },
+ {
+ "Telemetry Feature Category":null,
+ "Sub-Category":"USB Device Unmount",
+ "Carbon Black":"No",
+ "Cortex XDR":"Partially",
+ "CrowdStrike":"Yes",
+ "Cybereason":"Yes",
+ "ESET Inspect":"No",
+ "Elastic":"No",
+ "FortiEDR":"No",
+ "Harfanglab":"No",
+ "LimaCharlie":"Partially",
+ "MDE":"Yes",
+ "Qualys":"No",
+ "SentinelOne":"Via EnablingTelemetry",
+ "Symantec SES Complete":"Via EnablingTelemetry",
+ "Sysmon":"No",
+ "Trellix":"No",
+ "Trend Micro":"No",
+ "Uptycs":"Yes",
+ "WatchGuard":"Yes"
+ },
+ {
+ "Telemetry Feature Category":null,
+ "Sub-Category":"USB Device Mount",
+ "Carbon Black":"Partially",
+ "Cortex XDR":"Partially",
+ "CrowdStrike":"Yes",
+ "Cybereason":"Yes",
+ "ESET Inspect":"No",
+ "Elastic":"No",
+ "FortiEDR":"No",
+ "Harfanglab":"No",
+ "LimaCharlie":"Partially",
+ "MDE":"Yes",
+ "Qualys":"No",
+ "SentinelOne":"Via EnablingTelemetry",
+ "Symantec SES Complete":"Via EnablingTelemetry",
+ "Sysmon":"No",
+ "Trellix":"No",
+ "Trend Micro":"No",
+ "Uptycs":"Yes",
+ "WatchGuard":"Yes"
+ },
+ {
+ "Telemetry Feature Category":"Other Relevant Events",
+ "Sub-Category":"Group Policy Modification",
+ "Carbon Black":"No",
+ "Cortex XDR":"No",
+ "CrowdStrike":"No",
+ "Cybereason":"No",
+ "ESET Inspect":"No",
+ "Elastic":"No",
+ "FortiEDR":"No",
+ "Harfanglab":"No",
+ "LimaCharlie":"No",
+ "MDE":"Yes",
+ "Qualys":"No",
+ "SentinelOne":"Yes",
+ "Symantec SES Complete":"No",
+ "Sysmon":"No",
+ "Trellix":"No",
+ "Trend Micro":"No",
+ "Uptycs":"Via EventLogs",
+ "WatchGuard":"No"
+ },
+ {
+ "Telemetry Feature Category":"Named Pipe Activity",
+ "Sub-Category":"Pipe Creation",
+ "Carbon Black":"Partially",
+ "Cortex XDR":"No",
+ "CrowdStrike":"Yes",
+ "Cybereason":"No",
+ "ESET Inspect":"Yes",
+ "Elastic":"No",
+ "FortiEDR":"No",
+ "Harfanglab":"Yes",
+ "LimaCharlie":"Yes",
+ "MDE":"Yes",
+ "Qualys":"No",
+ "SentinelOne":"Via EnablingTelemetry",
+ "Symantec SES Complete":"No",
+ "Sysmon":"Yes",
+ "Trellix":"No",
+ "Trend Micro":"Via EnablingTelemetry",
+ "Uptycs":"Yes",
+ "WatchGuard":"No"
+ },
+ {
+ "Telemetry Feature Category":null,
+ "Sub-Category":"Pipe Connection",
+ "Carbon Black":"No",
+ "Cortex XDR":"No",
+ "CrowdStrike":"Yes",
+ "Cybereason":"No",
+ "ESET Inspect":"No",
+ "Elastic":"No",
+ "FortiEDR":"No",
+ "Harfanglab":"Yes",
+ "LimaCharlie":"Yes",
+ "MDE":"Yes",
+ "Qualys":"No",
+ "SentinelOne":"Via EnablingTelemetry",
+ "Symantec SES Complete":"No",
+ "Sysmon":"Yes",
+ "Trellix":"Yes",
+ "Trend Micro":"Via EnablingTelemetry",
+ "Uptycs":"No",
+ "WatchGuard":"No"
+ },
+ {
+ "Telemetry Feature Category":"EDR SysOps",
+ "Sub-Category":"Agent Start",
+ "Carbon Black":"Yes",
+ "Cortex XDR":"Partially",
+ "CrowdStrike":"Yes",
+ "Cybereason":"Yes",
+ "ESET Inspect":"No",
+ "Elastic":"No",
+ "FortiEDR":"Yes",
+ "Harfanglab":"Yes",
+ "LimaCharlie":"Yes",
+ "MDE":"Via EventLogs",
+ "Qualys":"Yes",
+ "SentinelOne":"Yes",
+ "Symantec SES Complete":"Via EnablingTelemetry",
+ "Sysmon":"Yes",
+ "Trellix":"Pending Response",
+ "Trend Micro":"No",
+ "Uptycs":"Yes",
+ "WatchGuard":"No"
+ },
+ {
+ "Telemetry Feature Category":null,
+ "Sub-Category":"Agent Stop",
+ "Carbon Black":"Yes",
+ "Cortex XDR":"Yes",
+ "CrowdStrike":"Yes",
+ "Cybereason":"Yes",
+ "ESET Inspect":"No",
+ "Elastic":"Yes",
+ "FortiEDR":"No",
+ "Harfanglab":"Yes",
+ "LimaCharlie":"Yes",
+ "MDE":"Via EventLogs",
+ "Qualys":"Yes",
+ "SentinelOne":"Yes",
+ "Symantec SES Complete":"Via EnablingTelemetry",
+ "Sysmon":"Yes",
+ "Trellix":"Pending Response",
+ "Trend Micro":"No",
+ "Uptycs":"Yes",
+ "WatchGuard":"No"
+ },
+ {
+ "Telemetry Feature Category":null,
+ "Sub-Category":"Agent Install",
+ "Carbon Black":"Yes",
+ "Cortex XDR":"Yes",
+ "CrowdStrike":"No",
+ "Cybereason":"Yes",
+ "ESET Inspect":"Yes",
+ "Elastic":"No",
+ "FortiEDR":"Yes",
+ "Harfanglab":"Yes",
+ "LimaCharlie":"Yes",
+ "MDE":"Via EventLogs",
+ "Qualys":"Yes",
+ "SentinelOne":"Yes",
+ "Symantec SES Complete":"Via EnablingTelemetry",
+ "Sysmon":"No",
+ "Trellix":"Yes",
+ "Trend Micro":"No",
+ "Uptycs":"No",
+ "WatchGuard":"Yes"
+ },
+ {
+ "Telemetry Feature Category":null,
+ "Sub-Category":"Agent Uninstall",
+ "Carbon Black":"Yes",
+ "Cortex XDR":"Yes",
+ "CrowdStrike":"Yes",
+ "Cybereason":"Yes",
+ "ESET Inspect":"Yes",
+ "Elastic":"Yes",
+ "FortiEDR":"Yes",
+ "Harfanglab":"No",
+ "LimaCharlie":"No",
+ "MDE":"No",
+ "Qualys":"No",
+ "SentinelOne":"Yes",
+ "Symantec SES Complete":"Via EnablingTelemetry",
+ "Sysmon":"No",
+ "Trellix":"Yes",
+ "Trend Micro":"No",
+ "Uptycs":"No",
+ "WatchGuard":"Yes"
+ },
+ {
+ "Telemetry Feature Category":null,
+ "Sub-Category":"Agent Keep-Alive",
+ "Carbon Black":"Yes",
+ "Cortex XDR":"Yes",
+ "CrowdStrike":"Yes",
+ "Cybereason":"Yes",
+ "ESET Inspect":"Yes",
+ "Elastic":"No",
+ "FortiEDR":"No",
+ "Harfanglab":"Yes",
+ "LimaCharlie":"Yes",
+ "MDE":"Via EventLogs",
+ "Qualys":"Yes",
+ "SentinelOne":"Yes",
+ "Symantec SES Complete":"Via EnablingTelemetry",
+ "Sysmon":"No",
+ "Trellix":"Pending Response",
+ "Trend Micro":"No",
+ "Uptycs":"No",
+ "WatchGuard":"No"
+ },
+ {
+ "Telemetry Feature Category":null,
+ "Sub-Category":"Agent Errors",
+ "Carbon Black":"Yes",
+ "Cortex XDR":"Yes",
+ "CrowdStrike":"Yes",
+ "Cybereason":"No",
+ "ESET Inspect":"Yes",
+ "Elastic":"Yes",
+ "FortiEDR":"Yes",
+ "Harfanglab":"Yes",
+ "LimaCharlie":"Yes",
+ "MDE":"Yes",
+ "Qualys":"Yes",
+ "SentinelOne":"Yes",
+ "Symantec SES Complete":"Via EnablingTelemetry",
+ "Sysmon":"Yes",
+ "Trellix":"Pending Response",
+ "Trend Micro":"No",
+ "Uptycs":"Yes",
+ "WatchGuard":"No"
+ },
+ {
+ "Telemetry Feature Category":"WMI Activity",
+ "Sub-Category":"WmiEventConsumerToFilter",
+ "Carbon Black":"No",
+ "Cortex XDR":"Via EnablingTelemetry",
+ "CrowdStrike":"Yes",
+ "Cybereason":"Yes",
+ "ESET Inspect":"Yes",
+ "Elastic":"Yes",
+ "FortiEDR":"Via EventLogs",
+ "Harfanglab":"Yes",
+ "LimaCharlie":"No",
+ "MDE":"Yes",
+ "Qualys":"Via EventLogs",
+ "SentinelOne":"Yes",
+ "Symantec SES Complete":"Partially",
+ "Sysmon":"Yes",
+ "Trellix":"Yes",
+ "Trend Micro":"Via EventLogs",
+ "Uptycs":"Yes",
+ "WatchGuard":"Yes"
+ },
+ {
+ "Telemetry Feature Category":null,
+ "Sub-Category":"WmiEventConsumer",
+ "Carbon Black":"No",
+ "Cortex XDR":"Via EnablingTelemetry",
+ "CrowdStrike":"Yes",
+ "Cybereason":"Yes",
+ "ESET Inspect":"Yes",
+ "Elastic":"Yes",
+ "FortiEDR":"Via EventLogs",
+ "Harfanglab":"Yes",
+ "LimaCharlie":"No",
+ "MDE":"Yes",
+ "Qualys":"Via EventLogs",
+ "SentinelOne":"Yes",
+ "Symantec SES Complete":"Partially",
+ "Sysmon":"Yes",
+ "Trellix":"Yes",
+ "Trend Micro":"Via EventLogs",
+ "Uptycs":"Yes",
+ "WatchGuard":"Yes"
+ },
+ {
+ "Telemetry Feature Category":null,
+ "Sub-Category":"WmiEventFilter",
+ "Carbon Black":"No",
+ "Cortex XDR":"Via EnablingTelemetry",
+ "CrowdStrike":"Yes",
+ "Cybereason":"Yes",
+ "ESET Inspect":"Yes",
+ "Elastic":"Yes",
+ "FortiEDR":"Via EventLogs",
+ "Harfanglab":"Yes",
+ "LimaCharlie":"No",
+ "MDE":"Yes",
+ "Qualys":"Via EventLogs",
+ "SentinelOne":"Yes",
+ "Symantec SES Complete":"Partially",
+ "Sysmon":"Yes",
+ "Trellix":"Yes",
+ "Trend Micro":"Via EventLogs",
+ "Uptycs":"Yes",
+ "WatchGuard":"Yes"
+ },
+ {
+ "Telemetry Feature Category":"BIT JOBS Activity",
+ "Sub-Category":"BIT JOBS Activity",
+ "Carbon Black":"No",
+ "Cortex XDR":"Via EnablingTelemetry",
+ "CrowdStrike":"Yes",
+ "Cybereason":"No",
+ "ESET Inspect":"No",
+ "Elastic":"No",
+ "FortiEDR":"Via EventLogs",
+ "Harfanglab":"No",
+ "LimaCharlie":"No",
+ "MDE":"No",
+ "Qualys":"Yes",
+ "SentinelOne":"No",
+ "Symantec SES Complete":"No",
+ "Sysmon":"No",
+ "Trellix":"Yes",
+ "Trend Micro":"Via EventLogs",
+ "Uptycs":"No",
+ "WatchGuard":"No"
+ },
+ {
+ "Telemetry Feature Category":"PowerShell Activity",
+ "Sub-Category":"Script-Block Activity",
+ "Carbon Black":"Yes",
+ "Cortex XDR":"Via EventLogs",
+ "CrowdStrike":"Yes",
+ "Cybereason":"No",
+ "ESET Inspect":"Yes",
+ "Elastic":"No",
+ "FortiEDR":"Via EventLogs",
+ "Harfanglab":"Yes",
+ "LimaCharlie":"Via EventLogs",
+ "MDE":"Yes",
+ "Qualys":"Yes",
+ "SentinelOne":"Yes",
+ "Symantec SES Complete":"Yes",
+ "Sysmon":"No",
+ "Trellix":"Yes",
+ "Trend Micro":"Yes",
+ "Uptycs":"Yes",
+ "WatchGuard":"No"
+ }
+ ]
\ No newline at end of file
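Review bot: Rows whose `"Telemetry Feature Category"` is `null` (the `"Process Termination"` object, second in the array, is the first of many) only get a category by inheriting it from the row before them, so the data depends on array order and any consumer that filters or sorts rows loses the grouping. Repeat the category on every row, e.g. `"Telemetry Feature Category":"Process Activity",` in that object. The cell values are also an undefined vocabulary (`"Yes"`, `"Partially"`, `"Via EventLogs"`, `"Via EnablingTelemetry"`, `"Pending Response"`, `"No"`); a coverage comparison that counts everything except `"No"` as collected would overstate what an agent records in its default configuration, so each value should be defined in accompanying documentation or a JSON Schema, since the file itself cannot carry comments. The category label `"Schedule Task Activity"` does not match its `"Scheduled Task Creation"` sub-category, and the file ends without a trailing newline.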