Test Telemetry Linux - Crowdstrike (on debian)

[mthcht]

@tsale
The result of my test:

[
telemetry_debian_edr_crowdstrike_test.md
](url)

[tsale]

Thanks @mthcht! I have a quick question: Could you please let me know if you can see any of the events below?

User Logon
User Logoff
Logon Failed
Script Content (The content of the script that is being executed)

[mthcht]

i can see all the content script yes, i'll have to check again later for the others

[mthcht]

@tsale I checked again, and there are no traces of user logon, logoff, or failed logon events for my session.

Correction: Regarding the script content, the event log differs from all the others. I noticed it does not have an "event_simpleName" assigned (This event is likely to go unnoticed by most and is not properly parsed by default) and i don't have the full content of the script, it's truncated by crowdstrike:

[tsale]

Thanks @mthcht! In terms of the script content, this is good. I would still count that.

[mthcht]

@tsale i added a scheduled task manually with a crontab command since the script failed and no dedicated event for this, only visible in process execution 'ProcessRollup2'

[tsale]

Thank you for the clarification @mthcht!