From 9b9863145a6d270d7f1d7e820e8aa943de934f4e Mon Sep 17 00:00:00 2001
From: John Uhlmann
Date: Thu, 20 Apr 2023 19:39:29 +0800
Subject: [PATCH 1/2] Proposal: Thread Creation sub-category
---
 EDR_telem.json | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/EDR_telem.json b/EDR_telem.json
index 22a12e4..8d3cbdf 100644
--- a/EDR_telem.json
+++ b/EDR_telem.json
@@ -43,6 +43,17 @@
 "Sysmon":"Yes",
 "WatchGuard":"Yes"
 },
+ {
+ "Telemetry Feature Category":null,
+ "Sub-Category":"Thread Creation",
+ "CrowdStrike":"Pending Response",
+ "Elastic":"Yes",
+ "LimaCharlie":"Pending Response",
+ "MDE":"Pending Response",
+ "Sentinel One":"Pending Response",
+ "Sysmon":"No",
+ "WatchGuard":"Pending Response"
+ },
 {
 "Telemetry Feature Category":null,
 "Sub-Category":"Remote Thread Creation",
From 1c269f6926998140d86a30f96cbf57e7d6735493 Mon Sep 17 00:00:00 2001
From: John Uhlmann
Date: Tue, 25 Apr 2023 08:18:48 +0800
Subject: [PATCH 2/2] Remote Thread Creation -> Thread Creation
---
 EDR_telem.json | 13 +------------
 1 file changed, 1 insertion(+), 12 deletions(-)
diff --git a/EDR_telem.json b/EDR_telem.json
index 8d3cbdf..71025aa 100644
--- a/EDR_telem.json
+++ b/EDR_telem.json
@@ -46,23 +46,12 @@
 {
 "Telemetry Feature Category":null,
 "Sub-Category":"Thread Creation",
- "CrowdStrike":"Pending Response",
- "Elastic":"Yes",
- "LimaCharlie":"Pending Response",
- "MDE":"Pending Response",
- "Sentinel One":"Pending Response",
- "Sysmon":"No",
- "WatchGuard":"Pending Response"
- },
- {
- "Telemetry Feature Category":null,
- "Sub-Category":"Remote Thread Creation",
 "CrowdStrike":"Yes",
 "Elastic":"Yes",
 "LimaCharlie":"Yes",
 "MDE":"Yes",
 "Sentinel One":"Yes",
- "Sysmon":"Yes",
+ "Sysmon":"Partially",
 "WatchGuard":"Yes"
 },
 {
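Review bot: The added "Thread Creation" record in patch 1/2 puts a workflow status, "Pending Response", into the same vendor fields that elsewhere hold capability answers such as "Yes" and "No", so any consumer that scores or filters on those fields now has to special-case a value that means "unknown" rather than "not supported". If the dataset needs to track outstanding vendor queries, a consistent convention for unknowns (the same sentinel across all rows, documented alongside the file) would keep the vendor fields a closed enum; patch 2/2 in this series drops these lines, so the concern applies only to the intermediate state this commit leaves in history. The new row also sits directly before the existing "Remote Thread Creation" row without anything in the file stating how the two sub-categories relate, which patch 2/2 resolves by merging them.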
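Review bot: Merging the two rows carries the "Yes" values that vendors gave for the narrower "Remote Thread Creation" sub-category straight into the broader "Thread Creation" row, while the deleted lines show that for CrowdStrike, LimaCharlie, MDE, Sentinel One and WatchGuard the broader question was still "Pending Response"; a reader of the resulting table will take those entries as confirmed coverage of all thread creation, which the data in this series does not support. Only Sysmon was downgraded to "Partially", which is consistent with Sysmon's CreateRemoteThread event (Event ID 8) covering remote but not local thread creation, and the same reasoning would argue for "Partially" (or the pending status) on the other vendors until they confirm local thread creation telemetry. If instead the rename is meant as a pure relabelling with the remote-only meaning retained, a sub-category name that says so (or a note in the accompanying documentation) would avoid overstating coverage. The value "Partially" is presumably already part of the file's vocabulary; if it is not, this hunk introduces a fourth distinct answer value alongside "Yes", "No" and "Pending Response".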