Update to file modification on Linux for MDE (#110)

* Update to file modification on linux * Update MDE Linux telemetry status and explanation for file modification events --------- Co-authored-by: Kostas <[email protected]>
tsale · Jan 29, 2025 · c98a380 · c98a380
1 parent 35bbff5
commit c98a380
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 2 deletions.
diff --git a/EDR_telem_linux.json b/EDR_telem_linux.json
@@ -53,7 +53,7 @@
     "ESET Inspect":"Yes",
     "Elastic":"Yes",
     "LimaCharlie":"Yes",
-    "MDE":"No",
+    "MDE":"Partially",
     "Qualys":"Yes",
     "SentinelOne":"Yes",
     "Sysmon":"No",

diff --git a/partially_value_explanations_linux.json b/partially_value_explanations_linux.json
@@ -50,7 +50,7 @@
       "CrowdStrike":"",
       "Sysmon":"",
       "LimaCharlie":"",
-      "MDE":"",
+      "MDE":{"Partially":"Although the file is modified, the event is recorded as FileCreated instead of FileModified, misrepresenting the actual action and preventing analysts from distinguishing between file creation and modification."},
       "Elastic":"",
       "Auditd":"",
       "Carbon Black Cloud":""