From c12f30e1a774f3d62dbb0c68b0bbdf237168754f Mon Sep 17 00:00:00 2001
From: Alex Teixeira
Date: Wed, 22 May 2024 12:20:39 +0100
Subject: [PATCH 1/3] Update EDR_telem.json: adding Sophos

Details on schema available below:
https://docs.sophos.com/central/References/schemas/index.html?schema=xdr_schema_docs
---
 EDR_telem.json | 1737 +++++++++++++++++++++++++-----------------------------
 1 file changed, 895 insertions(+), 842 deletions(-)

diff --git a/EDR_telem.json b/EDR_telem.json
index 2952fe0..8fc47dd 100644
--- a/EDR_telem.json
+++ b/EDR_telem.json
@@ -2,1061 +2,1114 @@
 {
 "Telemetry Feature Category":"Process Activity",
 "Sub-Category":"Process Creation",
- "Carbon Black":"Yes",
- "Cortex XDR":"Yes",
- "CrowdStrike":"Yes",
- "Cybereason":"Yes",
- "ESET Inspect":"Yes",
- "Elastic":"Yes",
- "Harfanglab":"Yes",
- "LimaCharlie":"Yes",
- "MDE":"Yes",
- "Qualys":"Yes",
- "Sentinel One":"Yes",
- "Symantec SES Complete":"Yes",
- "Sysmon":"Yes",
- "Trellix":"Yes",
- "Trend Micro":"Yes",
- "WatchGuard":"Yes"
+ "Carbon Black":"Implemented",
+ "Cortex XDR":"Implemented",
+ "CrowdStrike":"Implemented",
+ "Cybereason":"Implemented",
+ "ESET Inspect":"Implemented",
+ "Elastic":"Implemented",
+ "Harfanglab":"Implemented",
+ "LimaCharlie":"Implemented",
+ "MDE":"Implemented",
+ "Qualys":"Implemented",
+ "Sentinel One":"Implemented",
+ "Sophos":"Implemented",
+ "Symantec SES Complete":"Implemented",
+ "Sysmon":"Implemented",
+ "Trellix":"Implemented",
+ "Trend Micro":"Implemented",
+ "WatchGuard":"Implemented"
 },
 {
 "Telemetry Feature Category":null,
 "Sub-Category":"Process Termination",
- "Carbon Black":"Partially",
- "Cortex XDR":"Yes",
- "CrowdStrike":"Yes",
- "Cybereason":"Yes",
- "ESET Inspect":"Yes",
- "Elastic":"Yes",
- "Harfanglab":"No",
- "LimaCharlie":"Yes",
- "MDE":"Yes",
- "Qualys":"Yes",
- "Sentinel One":"No",
- "Symantec SES Complete":"Yes",
- "Sysmon":"Yes",
- "Trellix":"No",
- "Trend Micro":"Via EnablingTelemetry",
- "WatchGuard":"No"
+ "Carbon Black":"Partially Implemented",
+ "Cortex XDR":"Implemented",
+ "CrowdStrike":"Implemented",
+ "Cybereason":"Implemented",
+ "ESET Inspect":"Implemented",
+ "Elastic":"Implemented",
+ "Harfanglab":"Not Implemented",
+ "LimaCharlie":"Implemented",
+ "MDE":"Implemented",
+ "Qualys":"Implemented",
+ "Sentinel One":"Not Implemented",
+ "Sophos":"Not Implemented",
+ "Symantec SES Complete":"Implemented",
+ "Sysmon":"Implemented",
+ "Trellix":"Not Implemented",
+ "Trend Micro":"️",
+ "WatchGuard":"Not Implemented"
 },
 {
 "Telemetry Feature Category":null,
 "Sub-Category":"Process Access",
- "Carbon Black":"Yes",
- "Cortex XDR":"Yes",
- "CrowdStrike":"Yes",
- "Cybereason":"Yes",
- "ESET Inspect":"Partially",
- "Elastic":"Yes",
- "Harfanglab":"Yes",
- "LimaCharlie":"Yes",
- "MDE":"Yes",
- "Qualys":"No",
- "Sentinel One":"Yes",
- "Symantec SES Complete":"Yes",
- "Sysmon":"Yes",
- "Trellix":"Yes",
- "Trend Micro":"Yes",
- "WatchGuard":"No"
+ "Carbon Black":"Implemented",
+ "Cortex XDR":"Implemented",
+ "CrowdStrike":"Implemented",
+ "Cybereason":"Implemented",
+ "ESET Inspect":"Partially Implemented",
+ "Elastic":"Implemented",
+ "Harfanglab":"Implemented",
+ "LimaCharlie":"Implemented",
+ "MDE":"Implemented",
+ "Qualys":"Not Implemented",
+ "Sentinel One":"Implemented",
+ "Sophos":"Not Implemented",
+ "Symantec SES Complete":"Implemented",
+ "Sysmon":"Implemented",
+ "Trellix":"Implemented",
+ "Trend Micro":"Implemented",
+ "WatchGuard":"Not Implemented"
 },
 {
 "Telemetry Feature Category":null,
 "Sub-Category":"Image\/Library Loaded",
- "Carbon Black":"Yes",
- "Cortex XDR":"Yes",
- "CrowdStrike":"Yes",
- "Cybereason":"Yes",
- "ESET Inspect":"Yes",
- "Elastic":"Yes",
- "Harfanglab":"Yes",
- "LimaCharlie":"Yes",
- "MDE":"Yes",
- "Qualys":"Yes",
- "Sentinel One":"Yes",
- "Symantec SES Complete":"Yes",
- "Sysmon":"Yes",
- "Trellix":"Yes",
- "Trend Micro":"Yes",
- "WatchGuard":"Yes"
+ "Carbon Black":"Implemented",
+ "Cortex XDR":"Implemented",
+ "CrowdStrike":"Implemented",
+ "Cybereason":"Implemented",
+ "ESET Inspect":"Implemented",
+ "Elastic":"Implemented",
+ "Harfanglab":"Implemented",
+ "LimaCharlie":"Implemented",
+ "MDE":"Implemented",
+ "Qualys":"Implemented",
+ "Sentinel One":"Implemented",
+ "Sophos":"Not Implemented",
+ "Symantec SES Complete":"Implemented",
+ "Sysmon":"Implemented",
+ "Trellix":"Implemented",
+ "Trend Micro":"Implemented",
+ "WatchGuard":"Implemented"
 },
 {
 "Telemetry Feature Category":null,
 "Sub-Category":"Remote Thread Creation",
- "Carbon Black":"Yes",
- "Cortex XDR":"Yes",
- "CrowdStrike":"Yes",
- "Cybereason":"Yes",
- "ESET Inspect":"Yes",
- "Elastic":"Yes",
- "Harfanglab":"Yes",
- "LimaCharlie":"Yes",
- "MDE":"Yes",
- "Qualys":"No",
- "Sentinel One":"Yes",
- "Symantec SES Complete":"No",
- "Sysmon":"Yes",
- "Trellix":"Yes",
- "Trend Micro":"Yes",
- "WatchGuard":"Yes"
+ "Carbon Black":"Implemented",
+ "Cortex XDR":"Implemented",
+ "CrowdStrike":"Implemented",
+ "Cybereason":"Implemented",
+ "ESET Inspect":"Implemented",
+ "Elastic":"Implemented",
+ "Harfanglab":"Implemented",
+ "LimaCharlie":"Implemented",
+ "MDE":"Implemented",
+ "Qualys":"Not Implemented",
+ "Sentinel One":"Implemented",
+ "Sophos":"Not Implemented",
+ "Symantec SES Complete":"Not Implemented",
+ "Sysmon":"Implemented",
+ "Trellix":"Implemented",
+ "Trend Micro":"Implemented",
+ "WatchGuard":"Implemented"
 },
 {
 "Telemetry Feature Category":null,
 "Sub-Category":"Process Tampering Activity",
- "Carbon Black":"Partially",
- "Cortex XDR":"Partially",
- "CrowdStrike":"Yes",
+ "Carbon Black":"Partially Implemented",
+ "Cortex XDR":"Partially Implemented",
+ "CrowdStrike":"Implemented",
 "Cybereason":"Pending Response",
- "ESET Inspect":"No",
- "Elastic":"Yes",
- "Harfanglab":"Yes",
- "LimaCharlie":"Yes",
- "MDE":"Yes",
- "Qualys":"No",
- "Sentinel One":"Partially",
- "Symantec SES Complete":"Yes",
- "Sysmon":"Yes",
- "Trellix":"Yes",
- "Trend Micro":"Yes",
- "WatchGuard":"No"
+ "ESET Inspect":"Not Implemented",
+ "Elastic":"Implemented",
+ "Harfanglab":"Implemented",
+ "LimaCharlie":"Implemented",
+ "MDE":"Implemented",
+ "Qualys":"Not Implemented",
+ "Sentinel One":"Partially Implemented",
+ "Sophos":"Not Implemented",
+ "Symantec SES Complete":"Implemented",
+ "Sysmon":"Implemented",
+ "Trellix":"Implemented",
+ "Trend Micro":"Implemented",
+ "WatchGuard":"Not Implemented"
 },
 {
 "Telemetry Feature Category":"File Manipulation",
 "Sub-Category":"File Creation",
- "Carbon Black":"Yes",
- "Cortex XDR":"Yes",
- "CrowdStrike":"Yes",
- "Cybereason":"Yes",
- "ESET Inspect":"Partially",
- "Elastic":"Yes",
- "Harfanglab":"Yes",
- "LimaCharlie":"Yes",
- "MDE":"Yes",
- "Qualys":"Yes",
- "Sentinel One":"Yes",
- "Symantec SES Complete":"Yes",
- "Sysmon":"Yes",
- "Trellix":"Yes",
- "Trend Micro":"Yes",
- "WatchGuard":"Partially"
+ "Carbon Black":"Implemented",
+ "Cortex XDR":"Implemented",
+ "CrowdStrike":"Implemented",
+ "Cybereason":"Implemented",
+ "ESET Inspect":"Partially Implemented",
+ "Elastic":"Implemented",
+ "Harfanglab":"Implemented",
+ "LimaCharlie":"Implemented",
+ "MDE":"Implemented",
+ "Qualys":"Implemented",
+ "Sentinel One":"Implemented",
+ "Sophos":"Not Implemented",
+ "Symantec SES Complete":"Implemented",
+ "Sysmon":"Implemented",
+ "Trellix":"Implemented",
+ "Trend Micro":"Implemented",
+ "WatchGuard":"Partially Implemented"
 },
 {
 "Telemetry Feature Category":null,
 "Sub-Category":"File Opened",
- "Carbon Black":"Yes",
- "Cortex XDR":"No",
- "CrowdStrike":"Partially",
- "Cybereason":"No",
- "ESET Inspect":"No",
- "Elastic":"Yes",
- "Harfanglab":"Yes",
- "LimaCharlie":"No",
- "MDE":"No",
- "Qualys":"No",
- "Sentinel One":"No",
- "Symantec SES Complete":"Yes",
- "Sysmon":"No",
- "Trellix":"Yes",
- "Trend Micro":"Partially",
- "WatchGuard":"Partially"
+ "Carbon Black":"Implemented",
+ "Cortex XDR":"Not Implemented",
+ "CrowdStrike":"Partially Implemented",
+ "Cybereason":"Not Implemented",
+ "ESET Inspect":"Not Implemented",
+ "Elastic":"Implemented",
+ "Harfanglab":"Implemented",
+ "LimaCharlie":"Not Implemented",
+ "MDE":"Not Implemented",
+ "Qualys":"Not Implemented",
+ "Sentinel One":"Not Implemented",
+ "Sophos":"Not Implemented",
+ "Symantec SES Complete":"Implemented",
+ "Sysmon":"Not Implemented",
+ "Trellix":"Implemented",
+ "Trend Micro":"Partially Implemented",
+ "WatchGuard":"Partially Implemented"
 },
 {
 "Telemetry Feature Category":null,
 "Sub-Category":"File Deletion",
- "Carbon Black":"Yes",
- "Cortex XDR":"Yes",
- "CrowdStrike":"Yes",
- "Cybereason":"Yes",
- "ESET Inspect":"Yes",
- "Elastic":"Yes",
- "Harfanglab":"No",
- "LimaCharlie":"Yes",
- "MDE":"Yes",
- "Qualys":"Yes",
- "Sentinel One":"Yes",
- "Symantec SES Complete":"Yes",
- "Sysmon":"Yes",
- "Trellix":"Yes",
- "Trend Micro":"No",
- "WatchGuard":"No"
+ "Carbon Black":"Implemented",
+ "Cortex XDR":"Implemented",
+ "CrowdStrike":"Implemented",
+ "Cybereason":"Implemented",
+ "ESET Inspect":"Implemented",
+ "Elastic":"Implemented",
+ "Harfanglab":"Not Implemented",
+ "LimaCharlie":"Implemented",
+ "MDE":"Implemented",
+ "Qualys":"Implemented",
+ "Sentinel One":"Implemented",
+ "Sophos":"Not Implemented",
+ "Symantec SES Complete":"Implemented",
+ "Sysmon":"Implemented",
+ "Trellix":"Implemented",
+ "Trend Micro":"Not Implemented",
+ "WatchGuard":"Not Implemented"
 },
 {
 "Telemetry Feature Category":null,
 "Sub-Category":"File Modification",
- "Carbon Black":"Yes",
- "Cortex XDR":"Yes",
- "CrowdStrike":"Yes",
- "Cybereason":"No",
- "ESET Inspect":"Yes",
- "Elastic":"Yes",
- "Harfanglab":"Yes",
- "LimaCharlie":"Yes",
- "MDE":"Yes",
- "Qualys":"No",
- "Sentinel One":"Yes",
- "Symantec SES Complete":"Yes",
- "Sysmon":"No",
- "Trellix":"Yes",
- "Trend Micro":"Yes",
- "WatchGuard":"No"
+ "Carbon Black":"Implemented",
+ "Cortex XDR":"Implemented",
+ "CrowdStrike":"Implemented",
+ "Cybereason":"Not Implemented",
+ "ESET Inspect":"Implemented",
+ "Elastic":"Implemented",
+ "Harfanglab":"Implemented",
+ "LimaCharlie":"Implemented",
+ "MDE":"Implemented",
+ "Qualys":"Not Implemented",
+ "Sentinel One":"Implemented",
+ "Sophos":"Not Implemented",
+ "Symantec SES Complete":"Implemented",
+ "Sysmon":"Not Implemented",
+ "Trellix":"Implemented",
+ "Trend Micro":"Implemented",
+ "WatchGuard":"Not Implemented"
 },
 {
 "Telemetry Feature Category":null,
 "Sub-Category":"File Renaming",
- "Carbon Black":"Yes",
- "Cortex XDR":"Yes",
- "CrowdStrike":"Yes",
- "Cybereason":"Yes",
- "ESET Inspect":"Yes",
- "Elastic":"Yes",
- "Harfanglab":"Yes",
- "LimaCharlie":"No",
- "MDE":"Yes",
- "Qualys":"Yes",
- "Sentinel One":"Yes",
- "Symantec SES Complete":"Yes",
- "Sysmon":"No",
- "Trellix":"Yes",
- "Trend Micro":"No",
- "WatchGuard":"Partially"
+ "Carbon Black":"Implemented",
+ "Cortex XDR":"Implemented",
+ "CrowdStrike":"Implemented",
+ "Cybereason":"Implemented",
+ "ESET Inspect":"Implemented",
+ "Elastic":"Implemented",
+ "Harfanglab":"Implemented",
+ "LimaCharlie":"Not Implemented",
+ "MDE":"Implemented",
+ "Qualys":"Implemented",
+ "Sentinel One":"Implemented",
+ "Sophos":"Not Implemented",
+ "Symantec SES Complete":"Implemented",
+ "Sysmon":"Not Implemented",
+ "Trellix":"Implemented",
+ "Trend Micro":"Not Implemented",
+ "WatchGuard":"Partially Implemented"
 },
 {
 "Telemetry Feature Category":"User Account Activity",
 "Sub-Category":"Local Account Creation",
- "Carbon Black":"No",
- "Cortex XDR":"Via EventLogs",
- "CrowdStrike":"Yes",
- "Cybereason":"No",
- "ESET Inspect":"Yes",
- "Elastic":"Via EventLogs",
- "Harfanglab":"Via EventLogs",
- "LimaCharlie":"No",
- "MDE":"Yes",
- "Qualys":"No",
- "Sentinel One":"No",
- "Symantec SES Complete":"No",
- "Sysmon":"No",
- "Trellix":"Yes",
- "Trend Micro":"No",
- "WatchGuard":"No"
+ "Carbon Black":"Not Implemented",
+ "Cortex XDR":"",
+ "CrowdStrike":"Implemented",
+ "Cybereason":"Not Implemented",
+ "ESET Inspect":"Implemented",
+ "Elastic":"",
+ "Harfanglab":"",
+ "LimaCharlie":"Not Implemented",
+ "MDE":"Implemented",
+ "Qualys":"Not Implemented",
+ "Sentinel One":"Not Implemented",
+ "Sophos":"",
+ "Symantec SES Complete":"Not Implemented",
+ "Sysmon":"Not Implemented",
+ "Trellix":"Implemented",
+ "Trend Micro":"Not Implemented",
+ "WatchGuard":"Not Implemented"
 },
 {
 "Telemetry Feature Category":null,
 "Sub-Category":"Local Account Modification",
- "Carbon Black":"No",
- "Cortex XDR":"Via EventLogs",
- "CrowdStrike":"Partially",
- "Cybereason":"No",
- "ESET Inspect":"Yes",
- "Elastic":"Via EventLogs",
- "Harfanglab":"Via EventLogs",
- "LimaCharlie":"No",
- "MDE":"Yes",
- "Qualys":"No",
- "Sentinel One":"No",
- "Symantec SES Complete":"No",
- "Sysmon":"No",
- "Trellix":"Yes",
- "Trend Micro":"No",
- "WatchGuard":"No"
+ "Carbon Black":"Not Implemented",
+ "Cortex XDR":"",
+ "CrowdStrike":"Partially Implemented",
+ "Cybereason":"Not Implemented",
+ "ESET Inspect":"Implemented",
+ "Elastic":"",
+ "Harfanglab":"",
+ "LimaCharlie":"Not Implemented",
+ "MDE":"Implemented",
+ "Qualys":"Not Implemented",
+ "Sentinel One":"Not Implemented",
+ "Sophos":"",
+ "Symantec SES Complete":"Not Implemented",
+ "Sysmon":"Not Implemented",
+ "Trellix":"Implemented",
+ "Trend Micro":"Not Implemented",
+ "WatchGuard":"Not Implemented"
 },
 {
 "Telemetry Feature Category":null,
 "Sub-Category":"Local Account Deletion",
- "Carbon Black":"No",
- "Cortex XDR":"Via EventLogs",
- "CrowdStrike":"Yes",
- "Cybereason":"No",
- "ESET Inspect":"Yes",
- "Elastic":"Via EventLogs",
- "Harfanglab":"Via EventLogs",
- "LimaCharlie":"No",
- "MDE":"Yes",
- "Qualys":"No",
- "Sentinel One":"No",
- "Symantec SES Complete":"No",
- "Sysmon":"No",
- "Trellix":"Yes",
- "Trend Micro":"No",
- "WatchGuard":"No"
+ "Carbon Black":"Not Implemented",
+ "Cortex XDR":"",
+ "CrowdStrike":"Implemented",
+ "Cybereason":"Not Implemented",
+ "ESET Inspect":"Implemented",
+ "Elastic":"",
+ "Harfanglab":"",
+ "LimaCharlie":"Not Implemented",
+ "MDE":"Implemented",
+ "Qualys":"Not Implemented",
+ "Sentinel One":"Not Implemented",
+ "Sophos":"",
+ "Symantec SES Complete":"Not Implemented",
+ "Sysmon":"Not Implemented",
+ "Trellix":"Implemented",
+ "Trend Micro":"Not Implemented",
+ "WatchGuard":"Not Implemented"
 },
 {
 "Telemetry Feature Category":null,
 "Sub-Category":"Account Login",
- "Carbon Black":"Via EventLogs",
- "Cortex XDR":"Yes",
- "CrowdStrike":"Yes",
- "Cybereason":"Yes",
- "ESET Inspect":"Yes",
- "Elastic":"Yes",
- "Harfanglab":"Yes",
- "LimaCharlie":"Partially",
- "MDE":"Yes",
- "Qualys":"No",
- "Sentinel One":"Yes",
- "Symantec SES Complete":"Yes",
- "Sysmon":"No",
- "Trellix":"Yes",
- "Trend Micro":"Via EventLogs",
- "WatchGuard":"Yes"
+ "Carbon Black":"",
+ "Cortex XDR":"Implemented",
+ "CrowdStrike":"Implemented",
+ "Cybereason":"Implemented",
+ "ESET Inspect":"Implemented",
+ "Elastic":"Implemented",
+ "Harfanglab":"Implemented",
+ "LimaCharlie":"Partially Implemented",
+ "MDE":"Implemented",
+ "Qualys":"Not Implemented",
+ "Sentinel One":"Implemented",
+ "Sophos":"",
+ "Symantec SES Complete":"Implemented",
+ "Sysmon":"Not Implemented",
+ "Trellix":"Implemented",
+ "Trend Micro":"",
+ "WatchGuard":"Implemented"
 },
 {
 "Telemetry Feature Category":null,
 "Sub-Category":"Account Logoff",
- "Carbon Black":"Via EventLogs",
- "Cortex XDR":"Yes",
- "CrowdStrike":"Yes",
- "Cybereason":"Yes",
- "ESET Inspect":"Yes",
- "Elastic":"Yes",
- "Harfanglab":"Yes",
- "LimaCharlie":"No",
- "MDE":"No",
- "Qualys":"No",
- "Sentinel One":"No",
- "Symantec SES Complete":"Yes",
- "Sysmon":"No",
- "Trellix":"Yes",
- "Trend Micro":"Via EventLogs",
- "WatchGuard":"Yes"
+ "Carbon Black":"",
+ "Cortex XDR":"Implemented",
+ "CrowdStrike":"Implemented",
+ "Cybereason":"Implemented",
+ "ESET Inspect":"Implemented",
+ "Elastic":"Implemented",
+ "Harfanglab":"Implemented",
+ "LimaCharlie":"Not Implemented",
+ "MDE":"Not Implemented",
+ "Qualys":"Not Implemented",
+ "Sentinel One":"Not Implemented",
+ "Sophos":"",
+ "Symantec SES Complete":"Implemented",
+ "Sysmon":"Not Implemented",
+ "Trellix":"Implemented",
+ "Trend Micro":"",
+ "WatchGuard":"Implemented"
 },
 {
 "Telemetry Feature Category":"Network Activity",
 "Sub-Category":"TCP Connection",
- "Carbon Black":"Yes",
- "Cortex XDR":"Yes",
- "CrowdStrike":"Yes",
- "Cybereason":"Yes",
- "ESET Inspect":"Yes",
- "Elastic":"Yes",
- "Harfanglab":"Yes",
- "LimaCharlie":"Yes",
- "MDE":"Yes",
- "Qualys":"Yes",
- "Sentinel One":"Yes",
- "Symantec SES Complete":"Via EnablingTelemetry",
- "Sysmon":"Yes",
- "Trellix":"Yes",
- "Trend Micro":"Yes",
- "WatchGuard":"Yes"
+ "Carbon Black":"Implemented",
+ "Cortex XDR":"Implemented",
+ "CrowdStrike":"Implemented",
+ "Cybereason":"Implemented",
+ "ESET Inspect":"Implemented",
+ "Elastic":"Implemented",
+ "Harfanglab":"Implemented",
+ "LimaCharlie":"Implemented",
+ "MDE":"Implemented",
+ "Qualys":"Implemented",
+ "Sentinel One":"Implemented",
+ "Sophos":"Implemented",
+ "Symantec SES Complete":"️",
+ "Sysmon":"Implemented",
+ "Trellix":"Implemented",
+ "Trend Micro":"Implemented",
+ "WatchGuard":"Implemented"
 },
 {
 "Telemetry Feature Category":null,
 "Sub-Category":"UDP Connection",
- "Carbon Black":"Yes",
- "Cortex XDR":"Yes",
- "CrowdStrike":"Yes",
- "Cybereason":"Yes",
- "ESET Inspect":"No",
- "Elastic":"Yes",
- "Harfanglab":"Via EventLogs",
- "LimaCharlie":"Yes",
- "MDE":"Yes",
- "Qualys":"Yes",
- "Sentinel One":"No",
- "Symantec SES Complete":"Via EnablingTelemetry",
- "Sysmon":"Yes",
- "Trellix":"Yes",
- "Trend Micro":"Yes",
- "WatchGuard":"Yes"
+ "Carbon Black":"Implemented",
+ "Cortex XDR":"Implemented",
+ "CrowdStrike":"Implemented",
+ "Cybereason":"Implemented",
+ "ESET Inspect":"Not Implemented",
+ "Elastic":"Implemented",
+ "Harfanglab":"",
+ "LimaCharlie":"Implemented",
+ "MDE":"Implemented",
+ "Qualys":"Implemented",
+ "Sentinel One":"Not Implemented",
+ "Sophos":"Implemented",
+ "Symantec SES Complete":"️",
+ "Sysmon":"Implemented",
+ "Trellix":"Implemented",
+ "Trend Micro":"Implemented",
+ "WatchGuard":"Implemented"
 },
 {
 "Telemetry Feature Category":null,
 "Sub-Category":"URL",
- "Carbon Black":"No",
- "Cortex XDR":"No",
- "CrowdStrike":"Yes",
- "Cybereason":"No",
- "ESET Inspect":"Yes",
- "Elastic":"Partially",
- "Harfanglab":"Yes",
- "LimaCharlie":"Partially",
- "MDE":"Yes",
- "Qualys":"Yes",
- "Sentinel One":"Via EnablingTelemetry",
- "Symantec SES Complete":"Partially",
- "Sysmon":"No",
- "Trellix":"Yes",
- "Trend Micro":"No",
- "WatchGuard":"Partially"
+ "Carbon Black":"Not Implemented",
+ "Cortex XDR":"Not Implemented",
+ "CrowdStrike":"Implemented",
+ "Cybereason":"Not Implemented",
+ "ESET Inspect":"Implemented",
+ "Elastic":"Partially Implemented",
+ "Harfanglab":"Implemented",
+ "LimaCharlie":"Partially Implemented",
+ "MDE":"Implemented",
+ "Qualys":"Implemented",
+ "Sentinel One":"️",
+ "Sophos":"Implemented",
+ "Symantec SES Complete":"Partially Implemented",
+ "Sysmon":"Not Implemented",
+ "Trellix":"Implemented",
+ "Trend Micro":"Not Implemented",
+ "WatchGuard":"Partially Implemented"
 },
 {
 "Telemetry Feature Category":null,
 "Sub-Category":"DNS Query",
- "Carbon Black":"Yes",
- "Cortex XDR":"Yes",
- "CrowdStrike":"Yes",
- "Cybereason":"Yes",
- "ESET Inspect":"Yes",
- "Elastic":"Yes",
- "Harfanglab":"Yes",
- "LimaCharlie":"Yes",
- "MDE":"Yes",
- "Qualys":"No",
- "Sentinel One":"Yes",
- "Symantec SES Complete":"No",
- "Sysmon":"Yes",
- "Trellix":"Yes",
- "Trend Micro":"Yes",
- "WatchGuard":"Yes"
+ "Carbon Black":"Implemented",
+ "Cortex XDR":"Implemented",
+ "CrowdStrike":"Implemented",
+ "Cybereason":"Implemented",
+ "ESET Inspect":"Implemented",
+ "Elastic":"Implemented",
+ "Harfanglab":"Implemented",
+ "LimaCharlie":"Implemented",
+ "MDE":"Implemented",
+ "Qualys":"Not Implemented",
+ "Sentinel One":"Implemented",
+ "Sophos":"Not Implemented",
+ "Symantec SES Complete":"Not Implemented",
+ "Sysmon":"Implemented",
+ "Trellix":"Implemented",
+ "Trend Micro":"Implemented",
+ "WatchGuard":"Implemented"
 },
 {
 "Telemetry Feature Category":null,
 "Sub-Category":"File Downloaded",
- "Carbon Black":"No",
- "Cortex XDR":"No",
- "CrowdStrike":"Yes",
- "Cybereason":"Partially",
- "ESET Inspect":"Partially",
- "Elastic":"No",
- "Harfanglab":"No",
- "LimaCharlie":"Partially",
- "MDE":"Yes",
- "Qualys":"No",
- "Sentinel One":"No",
- "Symantec SES Complete":"No",
- "Sysmon":"No",
- "Trellix":"No",
- "Trend Micro":"Yes",
- "WatchGuard":"Yes"
+ "Carbon Black":"Not Implemented",
+ "Cortex XDR":"Not Implemented",
+ "CrowdStrike":"Implemented",
+ "Cybereason":"Partially Implemented",
+ "ESET Inspect":"Partially Implemented",
+ "Elastic":"Not Implemented",
+ "Harfanglab":"Not Implemented",
+ "LimaCharlie":"Partially Implemented",
+ "MDE":"Implemented",
+ "Qualys":"Not Implemented",
+ "Sentinel One":"Not Implemented",
+ "Sophos":"Not Implemented",
+ "Symantec SES Complete":"Not Implemented",
+ "Sysmon":"Not Implemented",
+ "Trellix":"Not Implemented",
+ "Trend Micro":"Implemented",
+ "WatchGuard":"Implemented"
 },
 {
 "Telemetry Feature Category":"Hash Algorithms",
 "Sub-Category":"MD5",
- "Carbon Black":"Yes",
- "Cortex XDR":"Yes",
- "CrowdStrike":"Yes",
- "Cybereason":"Yes",
- "ESET Inspect":"Yes",
- "Elastic":"Yes",
- "Harfanglab":"Yes",
- "LimaCharlie":"Yes",
- "MDE":"Yes",
- "Qualys":"Yes",
- "Sentinel One":"Yes",
- "Symantec SES Complete":"Yes",
- "Sysmon":"Yes",
- "Trellix":"Yes",
- "Trend Micro":"Yes",
- "WatchGuard":"Yes"
+ "Carbon Black":"Implemented",
+ "Cortex XDR":"Implemented",
+ "CrowdStrike":"Implemented",
+ "Cybereason":"Implemented",
+ "ESET Inspect":"Implemented",
+ "Elastic":"Implemented",
+ "Harfanglab":"Implemented",
+ "LimaCharlie":"Implemented",
+ "MDE":"Implemented",
+ "Qualys":"Implemented",
+ "Sentinel One":"Implemented",
+ "Sophos":"Not Implemented",
+ "Symantec SES Complete":"Implemented",
+ "Sysmon":"Implemented",
+ "Trellix":"Implemented",
+ "Trend Micro":"Implemented",
+ "WatchGuard":"Implemented"
 },
 {
 "Telemetry Feature Category":null,
 "Sub-Category":"SHA",
- "Carbon Black":"Yes",
- "Cortex XDR":"Yes",
- "CrowdStrike":"Yes",
- "Cybereason":"Yes",
- "ESET Inspect":"Yes",
- "Elastic":"Yes",
- "Harfanglab":"Yes",
- "LimaCharlie":"Yes",
- "MDE":"Yes",
- "Qualys":"Yes",
- "Sentinel One":"Yes",
- "Symantec SES Complete":"Yes",
- "Sysmon":"Yes",
- "Trellix":"Yes",
- "Trend Micro":"Yes",
- "WatchGuard":"No"
+ "Carbon Black":"Implemented",
+ "Cortex XDR":"Implemented",
+ "CrowdStrike":"Implemented",
+ "Cybereason":"Implemented",
+ "ESET Inspect":"Implemented",
+ "Elastic":"Implemented",
+ "Harfanglab":"Implemented",
+ "LimaCharlie":"Implemented",
+ "MDE":"Implemented",
+ "Qualys":"Implemented",
+ "Sentinel One":"Implemented",
+ "Sophos":"Implemented",
+ "Symantec SES Complete":"Implemented",
+ "Sysmon":"Implemented",
+ "Trellix":"Implemented",
+ "Trend Micro":"Implemented",
+ "WatchGuard":"Not Implemented"
 },
 {
 "Telemetry Feature Category":null,
 "Sub-Category":"IMPHASH",
- "Carbon Black":"No",
- "Cortex XDR":"No",
- "CrowdStrike":"No",
- "Cybereason":"No",
- "ESET Inspect":"No",
- "Elastic":"Partially",
- "Harfanglab":"Yes",
- "LimaCharlie":"No",
- "MDE":"No",
- "Qualys":"No",
- "Sentinel One":"No",
- "Symantec SES Complete":"No",
- "Sysmon":"Yes",
- "Trellix":"No",
- "Trend Micro":"No",
- "WatchGuard":"No"
+ "Carbon Black":"Not Implemented",
+ "Cortex XDR":"Not Implemented",
+ "CrowdStrike":"Not Implemented",
+ "Cybereason":"Not Implemented",
+ "ESET Inspect":"Not Implemented",
+ "Elastic":"Partially Implemented",
+ "Harfanglab":"Implemented",
+ "LimaCharlie":"Not Implemented",
+ "MDE":"Not Implemented",
+ "Qualys":"Not Implemented",
+ "Sentinel One":"Not Implemented",
+ "Sophos":"Not Implemented",
+ "Symantec SES Complete":"Not Implemented",
+ "Sysmon":"Implemented",
+ "Trellix":"Not Implemented",
+ "Trend Micro":"Not Implemented",
+ "WatchGuard":"Not Implemented"
 },
 {
 "Telemetry Feature Category":"Registry Activity",
 "Sub-Category":"Key\/Value Creation",
- "Carbon Black":"Yes",
- "Cortex XDR":"Yes",
- "CrowdStrike":"Partially",
- "Cybereason":"Partially",
- "ESET Inspect":"Yes",
- "Elastic":"Yes",
- "Harfanglab":"Yes",
- "LimaCharlie":"Yes",
- "MDE":"Yes",
- "Qualys":"Yes",
- "Sentinel One":"Yes",
- "Symantec SES Complete":"Yes",
- "Sysmon":"Yes",
- "Trellix":"Yes",
- "Trend Micro":"Yes",
- "WatchGuard":"Yes"
+ "Carbon Black":"Implemented",
+ "Cortex XDR":"Implemented",
+ "CrowdStrike":"Partially Implemented",
+ "Cybereason":"Partially Implemented",
+ "ESET Inspect":"Implemented",
+ "Elastic":"Implemented",
+ "Harfanglab":"Implemented",
+ "LimaCharlie":"Implemented",
+ "MDE":"Implemented",
+ "Qualys":"Implemented",
+ "Sentinel One":"Implemented",
+ "Sophos":"Partially Implemented",
+ "Symantec SES Complete":"Implemented",
+ "Sysmon":"Implemented",
+ "Trellix":"Implemented",
+ "Trend Micro":"Implemented",
+ "WatchGuard":"Implemented"
 },
 {
 "Telemetry Feature Category":null,
 "Sub-Category":"Key\/Value Modification",
- "Carbon Black":"Yes",
- "Cortex XDR":"Yes",
- "CrowdStrike":"Partially",
- "Cybereason":"Partially",
- "ESET Inspect":"Yes",
- "Elastic":"Yes",
- "Harfanglab":"Yes",
- "LimaCharlie":"Yes",
- "MDE":"Yes",
- "Qualys":"No",
- "Sentinel One":"Yes",
- "Symantec SES Complete":"Yes",
- "Sysmon":"Yes",
- "Trellix":"Yes",
- "Trend Micro":"Yes",
- "WatchGuard":"Yes"
+ "Carbon Black":"Implemented",
+ "Cortex XDR":"Implemented",
+ "CrowdStrike":"Partially Implemented",
+ "Cybereason":"Partially Implemented",
+ "ESET Inspect":"Implemented",
+ "Elastic":"Implemented",
+ "Harfanglab":"Implemented",
+ "LimaCharlie":"Implemented",
+ "MDE":"Implemented",
+ "Qualys":"Not Implemented",
+ "Sentinel One":"Implemented",
+ "Sophos":"Not Implemented",
+ "Symantec SES Complete":"Implemented",
+ "Sysmon":"Implemented",
+ "Trellix":"Implemented",
+ "Trend Micro":"Implemented",
+ "WatchGuard":"Implemented"
 },
 {
 "Telemetry Feature Category":null,
 "Sub-Category":"Key\/Value Deletion",
- "Carbon Black":"Yes",
- "Cortex XDR":"Yes",
- "CrowdStrike":"No",
- "Cybereason":"Partially",
- "ESET Inspect":"Yes",
- "Elastic":"Yes",
- "Harfanglab":"Yes",
- "LimaCharlie":"Yes",
- "MDE":"Yes",
- "Qualys":"Yes",
- "Sentinel One":"Yes",
- "Symantec SES Complete":"Yes",
- "Sysmon":"Yes",
- "Trellix":"Yes",
- "Trend Micro":"Yes",
- "WatchGuard":"Yes"
+ "Carbon Black":"Implemented",
+ "Cortex XDR":"Implemented",
+ "CrowdStrike":"Not Implemented",
+ "Cybereason":"Partially Implemented",
+ "ESET Inspect":"Implemented",
+ "Elastic":"Implemented",
+ "Harfanglab":"Implemented",
+ "LimaCharlie":"Implemented",
+ "MDE":"Implemented",
+ "Qualys":"Implemented",
+ "Sentinel One":"Implemented",
+ "Sophos":"Not Implemented",
+ "Symantec SES Complete":"Implemented",
+ "Sysmon":"Implemented",
+ "Trellix":"Implemented",
+ "Trend Micro":"Implemented",
+ "WatchGuard":"Implemented"
 },
 {
 "Telemetry Feature Category":"Schedule Task Activity",
 "Sub-Category":"Scheduled Task Creation",
- "Carbon Black":"No",
- "Cortex XDR":"Via EventLogs",
- "CrowdStrike":"Yes",
- "Cybereason":"Yes",
- "ESET Inspect":"No",
- "Elastic":"Via EventLogs",
- "Harfanglab":"Via EventLogs",
- "LimaCharlie":"No",
- "MDE":"Yes",
- "Qualys":"No",
- "Sentinel One":"Yes",
- "Symantec SES Complete":"No",
- "Sysmon":"No",
- "Trellix":"No",
- "Trend Micro":"Via EventLogs",
- "WatchGuard":"No"
+ "Carbon Black":"Not Implemented",
+ "Cortex XDR":"",
+ "CrowdStrike":"Implemented",
+ "Cybereason":"Implemented",
+ "ESET Inspect":"Not Implemented",
+ "Elastic":"",
+ "Harfanglab":"",
+ "LimaCharlie":"Not Implemented",
+ "MDE":"Implemented",
+ "Qualys":"Not Implemented",
+ "Sentinel One":"Implemented",
+ "Sophos":"",
+ "Symantec SES Complete":"Not Implemented",
+ "Sysmon":"Not Implemented",
+ "Trellix":"Not Implemented",
+ "Trend Micro":"",
+ "WatchGuard":"Not Implemented"
 },
 {
 "Telemetry Feature Category":null,
 "Sub-Category":"Scheduled Task Modification",
- "Carbon Black":"No",
- "Cortex XDR":"Via EventLogs",
- "CrowdStrike":"Yes",
- "Cybereason":"Yes",
- "ESET Inspect":"No",
- "Elastic":"Via EventLogs",
- "Harfanglab":"Via EventLogs",
- "LimaCharlie":"No",
- "MDE":"Yes",
- "Qualys":"No",
- "Sentinel One":"Yes",
- "Symantec SES Complete":"No",
- "Sysmon":"No",
- "Trellix":"Yes",
- "Trend Micro":"No",
- "WatchGuard":"No"
+ "Carbon Black":"Not Implemented",
+ "Cortex XDR":"",
+ "CrowdStrike":"Implemented",
+ "Cybereason":"Implemented",
+ "ESET Inspect":"Not Implemented",
+ "Elastic":"",
+ "Harfanglab":"",
+ "LimaCharlie":"Not Implemented",
+ "MDE":"Implemented",
+ "Qualys":"Not Implemented",
+ "Sentinel One":"Implemented",
+ "Sophos":"Not Implemented",
+ "Symantec SES Complete":"Not Implemented",
+ "Sysmon":"Not Implemented",
+ "Trellix":"Implemented",
+ "Trend Micro":"Not Implemented",
+ "WatchGuard":"Not Implemented"
 },
 {
 "Telemetry Feature Category":null,
 "Sub-Category":"Scheduled Task Deletion",
- "Carbon Black":"No",
- "Cortex XDR":"Via EventLogs",
- "CrowdStrike":"Yes",
- "Cybereason":"No",
- "ESET Inspect":"No",
- "Elastic":"Via EventLogs",
- "Harfanglab":"Via EventLogs",
- "LimaCharlie":"No",
- "MDE":"Yes",
- "Qualys":"No",
- "Sentinel One":"Yes",
- "Symantec SES Complete":"No",
- "Sysmon":"No",
- "Trellix":"No",
- "Trend Micro":"No",
- "WatchGuard":"No"
+ "Carbon Black":"Not Implemented",
+ "Cortex XDR":"",
+ "CrowdStrike":"Implemented",
+ "Cybereason":"Not Implemented",
+ "ESET Inspect":"Not Implemented",
+ "Elastic":"",
+ "Harfanglab":"",
+ "LimaCharlie":"Not Implemented",
+ "MDE":"Implemented",
+ "Qualys":"Not Implemented",
+ "Sentinel One":"Implemented",
+ "Sophos":"Not Implemented",
+ "Symantec SES Complete":"Not Implemented",
+ "Sysmon":"Not Implemented",
+ "Trellix":"Not Implemented",
+ "Trend Micro":"Not Implemented",
+ "WatchGuard":"Not Implemented"
 },
 {
 "Telemetry Feature Category":"Service Activity",
 "Sub-Category":"Service Creation",
- "Carbon Black":"Partially",
- "Cortex XDR":"Via EventLogs",
- "CrowdStrike":"Yes",
- "Cybereason":"Yes",
- "ESET Inspect":"No",
- "Elastic":"Via EventLogs",
- "Harfanglab":"Via EventLogs",
- "LimaCharlie":"Yes",
- "MDE":"Via EventLogs",
- "Qualys":"No",
- "Sentinel One":"No",
- "Symantec SES Complete":"No",
- "Sysmon":"No",
- "Trellix":"No",
- "Trend Micro":"No",
- "WatchGuard":"Partially"
+ "Carbon Black":"Partially Implemented",
+ "Cortex XDR":"",
+ "CrowdStrike":"Implemented",
+ "Cybereason":"Implemented",
+ "ESET Inspect":"Not Implemented",
+ "Elastic":"",
+ "Harfanglab":"",
+ "LimaCharlie":"Implemented",
+ "MDE":"",
+ "Qualys":"Not Implemented",
+ "Sentinel One":"Not Implemented",
+ "Sophos":"",
+ "Symantec SES Complete":"Not Implemented",
+ "Sysmon":"Not Implemented",
+ "Trellix":"Not Implemented",
+ "Trend Micro":"Not Implemented",
+ "WatchGuard":"Partially Implemented"
 },
 {
 "Telemetry Feature Category":null,
 "Sub-Category":"Service Modification",
- "Carbon Black":"No",
- "Cortex XDR":"Via EventLogs",
- "CrowdStrike":"Partially",
- "Cybereason":"No",
- "ESET Inspect":"No",
- "Elastic":"Via EventLogs",
- "Harfanglab":"Via EventLogs",
- "LimaCharlie":"Yes",
- "MDE":"No",
- "Qualys":"No",
- "Sentinel One":"No",
- "Symantec SES Complete":"No",
- "Sysmon":"No",
- "Trellix":"Yes",
- "Trend Micro":"No",
- "WatchGuard":"Partially"
+ "Carbon Black":"Not Implemented",
+ "Cortex XDR":"",
+ "CrowdStrike":"Partially Implemented",
+ "Cybereason":"Not Implemented",
+ "ESET Inspect":"Not Implemented",
+ "Elastic":"",
+ "Harfanglab":"",
+ "LimaCharlie":"Implemented",
+ "MDE":"Not Implemented",
+ "Qualys":"Not Implemented",
+ "Sentinel One":"Not Implemented",
+ "Sophos":"Not Implemented",
+ "Symantec SES Complete":"Not Implemented",
+ "Sysmon":"Not Implemented",
+ "Trellix":"Implemented",
+ "Trend Micro":"Not Implemented",
+ "WatchGuard":"Partially Implemented"
 },
 {
 "Telemetry Feature Category":null,
 "Sub-Category":"Service Deletion",
- "Carbon Black":"No",
- "Cortex XDR":"No",
- "CrowdStrike":"No",
- "Cybereason":"No",
- "ESET Inspect":"No",
- "Elastic":"Via EventLogs",
- "Harfanglab":"No",
+ "Carbon Black":"Not Implemented",
+ "Cortex XDR":"Not Implemented",
+ "CrowdStrike":"Not Implemented",
+ "Cybereason":"Not Implemented",
+ "ESET Inspect":"Not Implemented",
+ "Elastic":"",
+ "Harfanglab":"Not Implemented",
 "LimaCharlie":"Pending Response",
- "MDE":"No",
- "Qualys":"No",
- "Sentinel One":"No",
- "Symantec SES Complete":"No",
- "Sysmon":"No",
- "Trellix":"No",
- "Trend Micro":"No",
- "WatchGuard":"No"
+ "MDE":"Not Implemented",
+ "Qualys":"Not Implemented",
+ "Sentinel One":"Not Implemented",
+ "Sophos":"Not Implemented",
+ "Symantec SES Complete":"Not Implemented",
+ "Sysmon":"Not Implemented",
+ "Trellix":"Not Implemented",
+ "Trend Micro":"Not Implemented",
+ "WatchGuard":"Not Implemented"
 },
 {
 "Telemetry Feature Category":"Driver\/Module Activity",
 "Sub-Category":"Driver Loaded",
- "Carbon Black":"No",
- "Cortex XDR":"Yes",
- "CrowdStrike":"Yes",
- "Cybereason":"Yes",
- "ESET Inspect":"Yes",
- "Elastic":"Yes",
- "Harfanglab":"Yes",
- "LimaCharlie":"No",
- "MDE":"Yes",
- "Qualys":"No",
- "Sentinel One":"Yes",
- "Symantec SES Complete":"No",
- "Sysmon":"Yes",
- "Trellix":"No",
- "Trend Micro":"No",
- "WatchGuard":"No"
+ "Carbon Black":"Not Implemented",
+ "Cortex XDR":"Implemented",
+ "CrowdStrike":"Implemented",
+ "Cybereason":"Implemented",
+ "ESET Inspect":"Implemented",
+ "Elastic":"Implemented",
+ "Harfanglab":"Implemented",
+ "LimaCharlie":"Not Implemented",
+ "MDE":"Implemented",
+ "Qualys":"Not Implemented",
+ "Sentinel One":"Implemented",
+ "Sophos":"Not Implemented",
+ "Symantec SES Complete":"Not Implemented",
+ "Sysmon":"Implemented",
+ "Trellix":"Not Implemented",
+ "Trend Micro":"Not Implemented",
+ "WatchGuard":"Not Implemented"
 },
 {
 "Telemetry Feature Category":null,
 "Sub-Category":"Driver Modification",
- "Carbon Black":"No",
- "Cortex XDR":"No",
- "CrowdStrike":"Yes",
- "Cybereason":"No",
- "ESET Inspect":"No",
- "Elastic":"No",
- "Harfanglab":"No",
- "LimaCharlie":"Yes",
- "MDE":"No",
- "Qualys":"No",
- "Sentinel One":"No",
- "Symantec SES Complete":"No",
- "Sysmon":"No",
- "Trellix":"No",
- "Trend Micro":"No",
- "WatchGuard":"No"
+ "Carbon Black":"Not Implemented",
+ "Cortex XDR":"Not Implemented",
+ "CrowdStrike":"Implemented",
+ "Cybereason":"Not Implemented",
+ "ESET Inspect":"Not Implemented",
+ "Elastic":"Not Implemented",
+ "Harfanglab":"Not Implemented",
+ "LimaCharlie":"Implemented",
+ "MDE":"Not Implemented",
+ "Qualys":"Not Implemented",
+ "Sentinel One":"Not Implemented",
+ "Sophos":"Not Implemented",
+ "Symantec SES Complete":"Not Implemented",
+ "Sysmon":"Not Implemented",
+ "Trellix":"Not Implemented",
+ "Trend Micro":"Not Implemented",
+ "WatchGuard":"Not Implemented"
 },
 {
 "Telemetry Feature Category":null,
 "Sub-Category":"Driver Unloaded",
- "Carbon Black":"No",
- "Cortex XDR":"No",
- "CrowdStrike":"No",
- "Cybereason":"No",
- "ESET Inspect":"No",
- "Elastic":"No",
- "Harfanglab":"No",
- "LimaCharlie":"No",
- "MDE":"No",
- "Qualys":"No",
- "Sentinel One":"No",
- "Symantec SES Complete":"No",
- "Sysmon":"No",
- "Trellix":"No",
- "Trend Micro":"No",
- "WatchGuard":"No"
+ "Carbon Black":"Not Implemented",
+ "Cortex XDR":"Not Implemented",
+ "CrowdStrike":"Not Implemented",
+ "Cybereason":"Not Implemented",
+ "ESET Inspect":"Not Implemented",
+ "Elastic":"Not Implemented",
+ "Harfanglab":"Not Implemented",
+ "LimaCharlie":"Not Implemented",
+ "MDE":"Not Implemented",
+ "Qualys":"Not Implemented",
+ "Sentinel One":"Not Implemented",
+ "Sophos":"Not Implemented",
+ "Symantec SES Complete":"Not Implemented",
+ "Sysmon":"Not Implemented",
+ "Trellix":"Not Implemented",
+ "Trend Micro":"Not Implemented",
+ "WatchGuard":"Not Implemented"
 },
 {
 "Telemetry Feature Category":"Device Operations",
 "Sub-Category":"Virtual Disk Mount",
- "Carbon Black":"No",
- "Cortex XDR":"Partially",
- "CrowdStrike":"Yes",
- "Cybereason":"No",
- "ESET Inspect":"No",
- "Elastic":"No",
- "Harfanglab":"No",
- "LimaCharlie":"Yes",
- "MDE":"No",
- "Qualys":"No",
- "Sentinel One":"No",
- "Symantec SES Complete":"No",
- "Sysmon":"No",
- "Trellix":"No",
- "Trend Micro":"No",
- "WatchGuard":"Yes"
+ "Carbon Black":"Not Implemented",
+ "Cortex XDR":"Partially Implemented",
+ "CrowdStrike":"Implemented",
+ "Cybereason":"Not Implemented",
+ "ESET Inspect":"Not Implemented",
+ "Elastic":"Not Implemented",
+ "Harfanglab":"Not Implemented",
+ "LimaCharlie":"Implemented",
+ "MDE":"Not Implemented",
+ "Qualys":"Not Implemented",
+ "Sentinel One":"Not Implemented",
+ "Sophos":"Not Implemented",
+ "Symantec SES Complete":"Not Implemented",
+ "Sysmon":"Not Implemented",
+ "Trellix":"Not Implemented",
+ "Trend Micro":"Not Implemented",
+ "WatchGuard":"Implemented"
 },
 {
 "Telemetry Feature Category":null,
 "Sub-Category":"USB Device Unmount",
- "Carbon Black":"No",
- "Cortex XDR":"Partially",
- "CrowdStrike":"Yes",
- "Cybereason":"Yes",
- "ESET Inspect":"No",
- "Elastic":"No",
- 
"Harfanglab":"No", - "LimaCharlie":"No", - "MDE":"Yes", - "Qualys":"No", - "Sentinel One":"No", - "Symantec SES Complete":"Via EnablingTelemetry", - "Sysmon":"No", - "Trellix":"No", - "Trend Micro":"No", - "WatchGuard":"Yes" + "Carbon Black":"Not Implemented", + "Cortex XDR":"Partially Implemented", + "CrowdStrike":"Implemented", + "Cybereason":"Implemented", + "ESET Inspect":"Not Implemented", + "Elastic":"Not Implemented", + "Harfanglab":"Not Implemented", + "LimaCharlie":"Not Implemented", + "MDE":"Implemented", + "Qualys":"Not Implemented", + "Sentinel One":"Not Implemented", + "Sophos":"Not Implemented", + "Symantec SES Complete":"️", + "Sysmon":"Not Implemented", + "Trellix":"Not Implemented", + "Trend Micro":"Not Implemented", + "WatchGuard":"Implemented" }, { "Telemetry Feature Category":null, "Sub-Category":"USB Device Mount", - "Carbon Black":"Partially", - "Cortex XDR":"Partially", - "CrowdStrike":"Yes", - "Cybereason":"Yes", - "ESET Inspect":"No", - "Elastic":"No", - "Harfanglab":"No", - "LimaCharlie":"No", - "MDE":"Yes", - "Qualys":"No", - "Sentinel One":"Via EnablingTelemetry", - "Symantec SES Complete":"Via EnablingTelemetry", - "Sysmon":"No", - "Trellix":"No", - "Trend Micro":"No", - "WatchGuard":"Yes" + "Carbon Black":"Partially Implemented", + "Cortex XDR":"Partially Implemented", + "CrowdStrike":"Implemented", + "Cybereason":"Implemented", + "ESET Inspect":"Not Implemented", + "Elastic":"Not Implemented", + "Harfanglab":"Not Implemented", + "LimaCharlie":"Not Implemented", + "MDE":"Implemented", + "Qualys":"Not Implemented", + "Sentinel One":"️", + "Sophos":"Not Implemented", + "Symantec SES Complete":"️", + "Sysmon":"Not Implemented", + "Trellix":"Not Implemented", + "Trend Micro":"Not Implemented", + "WatchGuard":"Implemented" }, { "Telemetry Feature Category":"Other Relevant Events", "Sub-Category":"Group Policy Modification", - "Carbon Black":"No", - "Cortex XDR":"No", - "CrowdStrike":"No", - "Cybereason":"No", - "ESET Inspect":"No", - 
"Elastic":"No", - "Harfanglab":"No", - "LimaCharlie":"No", - "MDE":"Yes", - "Qualys":"No", - "Sentinel One":"No", - "Symantec SES Complete":"No", - "Sysmon":"No", - "Trellix":"No", - "Trend Micro":"No", - "WatchGuard":"No" + "Carbon Black":"Not Implemented", + "Cortex XDR":"Not Implemented", + "CrowdStrike":"Not Implemented", + "Cybereason":"Not Implemented", + "ESET Inspect":"Not Implemented", + "Elastic":"Not Implemented", + "Harfanglab":"Not Implemented", + "LimaCharlie":"Not Implemented", + "MDE":"Implemented", + "Qualys":"Not Implemented", + "Sentinel One":"Not Implemented", + "Sophos":"", + "Symantec SES Complete":"Not Implemented", + "Sysmon":"Not Implemented", + "Trellix":"Not Implemented", + "Trend Micro":"Not Implemented", + "WatchGuard":"Not Implemented" }, { "Telemetry Feature Category":"Named Pipe Activity", "Sub-Category":"Pipe Creation", - "Carbon Black":"Partially", - "Cortex XDR":"No", - "CrowdStrike":"Yes", - "Cybereason":"No", - "ESET Inspect":"Yes", - "Elastic":"No", - "Harfanglab":"Yes", - "LimaCharlie":"Yes", - "MDE":"Yes", - "Qualys":"No", - "Sentinel One":"Via EnablingTelemetry", - "Symantec SES Complete":"No", - "Sysmon":"Yes", - "Trellix":"No", - "Trend Micro":"No", - "WatchGuard":"No" + "Carbon Black":"Partially Implemented", + "Cortex XDR":"Not Implemented", + "CrowdStrike":"Implemented", + "Cybereason":"Not Implemented", + "ESET Inspect":"Implemented", + "Elastic":"Not Implemented", + "Harfanglab":"Implemented", + "LimaCharlie":"Implemented", + "MDE":"Implemented", + "Qualys":"Not Implemented", + "Sentinel One":"️", + "Sophos":"Not Implemented", + "Symantec SES Complete":"Not Implemented", + "Sysmon":"Implemented", + "Trellix":"Not Implemented", + "Trend Micro":"Not Implemented", + "WatchGuard":"Not Implemented" }, { "Telemetry Feature Category":null, "Sub-Category":"Pipe Connection", - "Carbon Black":"No", - "Cortex XDR":"No", - "CrowdStrike":"Yes", - "Cybereason":"No", - "ESET Inspect":"No", - "Elastic":"No", - "Harfanglab":"Yes", - 
"LimaCharlie":"Yes", - "MDE":"Yes", - "Qualys":"No", - "Sentinel One":"Via EnablingTelemetry", - "Symantec SES Complete":"No", - "Sysmon":"Yes", - "Trellix":"Yes", - "Trend Micro":"No", - "WatchGuard":"No" + "Carbon Black":"Not Implemented", + "Cortex XDR":"Not Implemented", + "CrowdStrike":"Implemented", + "Cybereason":"Not Implemented", + "ESET Inspect":"Not Implemented", + "Elastic":"Not Implemented", + "Harfanglab":"Implemented", + "LimaCharlie":"Implemented", + "MDE":"Implemented", + "Qualys":"Not Implemented", + "Sentinel One":"️", + "Sophos":"Not Implemented", + "Symantec SES Complete":"Not Implemented", + "Sysmon":"Implemented", + "Trellix":"Implemented", + "Trend Micro":"Not Implemented", + "WatchGuard":"Not Implemented" }, { "Telemetry Feature Category":"EDR SysOps", "Sub-Category":"Agent Start", - "Carbon Black":"No", - "Cortex XDR":"Partially", - "CrowdStrike":"Yes", - "Cybereason":"Yes", - "ESET Inspect":"No", - "Elastic":"No", - "Harfanglab":"Yes", - "LimaCharlie":"Yes", - "MDE":"Via EventLogs", - "Qualys":"Yes", - "Sentinel One":"Yes", - "Symantec SES Complete":"Via EnablingTelemetry", - "Sysmon":"Yes", + "Carbon Black":"Not Implemented", + "Cortex XDR":"Partially Implemented", + "CrowdStrike":"Implemented", + "Cybereason":"Implemented", + "ESET Inspect":"Not Implemented", + "Elastic":"Not Implemented", + "Harfanglab":"Implemented", + "LimaCharlie":"Implemented", + "MDE":"", + "Qualys":"Implemented", + "Sentinel One":"Implemented", + "Sophos":"Not Implemented", + "Symantec SES Complete":"️", + "Sysmon":"Implemented", "Trellix":"Pending Response", - "Trend Micro":"No", - "WatchGuard":"No" + "Trend Micro":"Not Implemented", + "WatchGuard":"Not Implemented" }, { "Telemetry Feature Category":null, "Sub-Category":"Agent Stop", - "Carbon Black":"No", - "Cortex XDR":"Yes", - "CrowdStrike":"Yes", - "Cybereason":"Yes", - "ESET Inspect":"No", - "Elastic":"Yes", - "Harfanglab":"Yes", - "LimaCharlie":"Yes", - "MDE":"Via EventLogs", - "Qualys":"Yes", - "Sentinel 
One":"Yes", - "Symantec SES Complete":"Via EnablingTelemetry", - "Sysmon":"Yes", + "Carbon Black":"Not Implemented", + "Cortex XDR":"Implemented", + "CrowdStrike":"Implemented", + "Cybereason":"Implemented", + "ESET Inspect":"Not Implemented", + "Elastic":"Implemented", + "Harfanglab":"Implemented", + "LimaCharlie":"Implemented", + "MDE":"", + "Qualys":"Implemented", + "Sentinel One":"Implemented", + "Sophos":"Not Implemented", + "Symantec SES Complete":"️", + "Sysmon":"Implemented", "Trellix":"Pending Response", - "Trend Micro":"No", - "WatchGuard":"No" + "Trend Micro":"Not Implemented", + "WatchGuard":"Not Implemented" }, { "Telemetry Feature Category":null, "Sub-Category":"Agent Install", - "Carbon Black":"No", - "Cortex XDR":"Yes", - "CrowdStrike":"No", - "Cybereason":"Yes", - "ESET Inspect":"Yes", - "Elastic":"No", - "Harfanglab":"Yes", - "LimaCharlie":"Yes", - "MDE":"Via EventLogs", - "Qualys":"Yes", - "Sentinel One":"Yes", - "Symantec SES Complete":"Via EnablingTelemetry", - "Sysmon":"No", - "Trellix":"Yes", - "Trend Micro":"No", - "WatchGuard":"Yes" + "Carbon Black":"Not Implemented", + "Cortex XDR":"Implemented", + "CrowdStrike":"Not Implemented", + "Cybereason":"Implemented", + "ESET Inspect":"Implemented", + "Elastic":"Not Implemented", + "Harfanglab":"Implemented", + "LimaCharlie":"Implemented", + "MDE":"", + "Qualys":"Implemented", + "Sentinel One":"Implemented", + "Sophos":"Not Implemented", + "Symantec SES Complete":"️", + "Sysmon":"Not Implemented", + "Trellix":"Implemented", + "Trend Micro":"Not Implemented", + "WatchGuard":"Implemented" }, { "Telemetry Feature Category":null, "Sub-Category":"Agent Uninstall", - "Carbon Black":"No", - "Cortex XDR":"Yes", - "CrowdStrike":"Yes", - "Cybereason":"Yes", - "ESET Inspect":"Yes", - "Elastic":"Yes", - "Harfanglab":"No", - "LimaCharlie":"No", - "MDE":"No", - "Qualys":"No", - "Sentinel One":"Yes", - "Symantec SES Complete":"Via EnablingTelemetry", - "Sysmon":"No", - "Trellix":"Yes", - "Trend Micro":"No", - 
"WatchGuard":"Yes" + "Carbon Black":"Not Implemented", + "Cortex XDR":"Implemented", + "CrowdStrike":"Implemented", + "Cybereason":"Implemented", + "ESET Inspect":"Implemented", + "Elastic":"Implemented", + "Harfanglab":"Not Implemented", + "LimaCharlie":"Not Implemented", + "MDE":"Not Implemented", + "Qualys":"Not Implemented", + "Sentinel One":"Implemented", + "Sophos":"Not Implemented", + "Symantec SES Complete":"️", + "Sysmon":"Not Implemented", + "Trellix":"Implemented", + "Trend Micro":"Not Implemented", + "WatchGuard":"Implemented" }, { "Telemetry Feature Category":null, "Sub-Category":"Agent Keep-Alive", - "Carbon Black":"No", - "Cortex XDR":"Yes", - "CrowdStrike":"Yes", - "Cybereason":"Yes", - "ESET Inspect":"Yes", - "Elastic":"No", - "Harfanglab":"Yes", - "LimaCharlie":"Yes", - "MDE":"Via EventLogs", - "Qualys":"Yes", - "Sentinel One":"Yes", - "Symantec SES Complete":"Via EnablingTelemetry", - "Sysmon":"No", + "Carbon Black":"Not Implemented", + "Cortex XDR":"Implemented", + "CrowdStrike":"Implemented", + "Cybereason":"Implemented", + "ESET Inspect":"Implemented", + "Elastic":"Not Implemented", + "Harfanglab":"Implemented", + "LimaCharlie":"Implemented", + "MDE":"", + "Qualys":"Implemented", + "Sentinel One":"Implemented", + "Sophos":"Not Implemented", + "Symantec SES Complete":"️", + "Sysmon":"Not Implemented", "Trellix":"Pending Response", - "Trend Micro":"No", - "WatchGuard":"No" + "Trend Micro":"Not Implemented", + "WatchGuard":"Not Implemented" }, { "Telemetry Feature Category":null, "Sub-Category":"Agent Errors", - "Carbon Black":"No", - "Cortex XDR":"Yes", - "CrowdStrike":"Yes", - "Cybereason":"No", - "ESET Inspect":"Yes", - "Elastic":"Yes", - "Harfanglab":"Yes", - "LimaCharlie":"Yes", - "MDE":"Yes", - "Qualys":"Yes", - "Sentinel One":"Yes", - "Symantec SES Complete":"Via EnablingTelemetry", - "Sysmon":"Yes", + "Carbon Black":"Not Implemented", + "Cortex XDR":"Implemented", + "CrowdStrike":"Implemented", + "Cybereason":"Not Implemented", + "ESET 
Inspect":"Implemented", + "Elastic":"Implemented", + "Harfanglab":"Implemented", + "LimaCharlie":"Implemented", + "MDE":"Implemented", + "Qualys":"Implemented", + "Sentinel One":"Implemented", + "Sophos":"Not Implemented", + "Symantec SES Complete":"️", + "Sysmon":"Implemented", "Trellix":"Pending Response", - "Trend Micro":"No", - "WatchGuard":"No" + "Trend Micro":"Not Implemented", + "WatchGuard":"Not Implemented" }, { "Telemetry Feature Category":"WMI Activity", "Sub-Category":"WmiEventConsumerToFilter", - "Carbon Black":"No", - "Cortex XDR":"Via EnablingTelemetry", - "CrowdStrike":"Yes", - "Cybereason":"Yes", - "ESET Inspect":"Yes", - "Elastic":"No", - "Harfanglab":"Yes", - "LimaCharlie":"No", - "MDE":"Yes", - "Qualys":"No", - "Sentinel One":"No", - "Symantec SES Complete":"Partially", - "Sysmon":"Yes", - "Trellix":"Yes", - "Trend Micro":"Via EventLogs", - "WatchGuard":"Yes" + "Carbon Black":"Not Implemented", + "Cortex XDR":"️", + "CrowdStrike":"Implemented", + "Cybereason":"Implemented", + "ESET Inspect":"Implemented", + "Elastic":"Not Implemented", + "Harfanglab":"Implemented", + "LimaCharlie":"Not Implemented", + "MDE":"Implemented", + "Qualys":"Not Implemented", + "Sentinel One":"Not Implemented", + "Sophos":"Not Implemented", + "Symantec SES Complete":"Partially Implemented", + "Sysmon":"Implemented", + "Trellix":"Implemented", + "Trend Micro":"", + "WatchGuard":"Implemented" }, { "Telemetry Feature Category":null, "Sub-Category":"WmiEventConsumer", - "Carbon Black":"No", - "Cortex XDR":"Via EnablingTelemetry", - "CrowdStrike":"Yes", - "Cybereason":"Yes", - "ESET Inspect":"Yes", - "Elastic":"No", - "Harfanglab":"Yes", - "LimaCharlie":"No", - "MDE":"Yes", - "Qualys":"No", - "Sentinel One":"No", - "Symantec SES Complete":"Partially", - "Sysmon":"Yes", - "Trellix":"Yes", - "Trend Micro":"Via EventLogs", - "WatchGuard":"Yes" + "Carbon Black":"Not Implemented", + "Cortex XDR":"️", + "CrowdStrike":"Implemented", + "Cybereason":"Implemented", + "ESET 
Inspect":"Implemented", + "Elastic":"Not Implemented", + "Harfanglab":"Implemented", + "LimaCharlie":"Not Implemented", + "MDE":"Implemented", + "Qualys":"Not Implemented", + "Sentinel One":"Not Implemented", + "Sophos":"", + "Symantec SES Complete":"Partially Implemented", + "Sysmon":"Implemented", + "Trellix":"Implemented", + "Trend Micro":"", + "WatchGuard":"Implemented" }, { "Telemetry Feature Category":null, "Sub-Category":"WmiEventFilter", - "Carbon Black":"No", - "Cortex XDR":"Via EnablingTelemetry", - "CrowdStrike":"Yes", - "Cybereason":"Yes", - "ESET Inspect":"Yes", - "Elastic":"No", - "Harfanglab":"Yes", - "LimaCharlie":"No", - "MDE":"Yes", - "Qualys":"No", - "Sentinel One":"No", - "Symantec SES Complete":"Partially", - "Sysmon":"Yes", - "Trellix":"Yes", - "Trend Micro":"Via EventLogs", - "WatchGuard":"Yes" + "Carbon Black":"Not Implemented", + "Cortex XDR":"️", + "CrowdStrike":"Implemented", + "Cybereason":"Implemented", + "ESET Inspect":"Implemented", + "Elastic":"Not Implemented", + "Harfanglab":"Implemented", + "LimaCharlie":"Not Implemented", + "MDE":"Implemented", + "Qualys":"Not Implemented", + "Sentinel One":"Not Implemented", + "Sophos":"Not Implemented", + "Symantec SES Complete":"Partially Implemented", + "Sysmon":"Implemented", + "Trellix":"Implemented", + "Trend Micro":"", + "WatchGuard":"Implemented" }, { "Telemetry Feature Category":"BIT JOBS Activity", "Sub-Category":"BIT JOBS Activity", - "Carbon Black":"No", - "Cortex XDR":"Via EnablingTelemetry", - "CrowdStrike":"Yes", - "Cybereason":"No", - "ESET Inspect":"No", - "Elastic":"No", - "Harfanglab":"No", - "LimaCharlie":"No", - "MDE":"No", - "Qualys":"No", - "Sentinel One":"No", - "Symantec SES Complete":"No", - "Sysmon":"No", - "Trellix":"Yes", - "Trend Micro":"No", - "WatchGuard":"No" + "Carbon Black":"Not Implemented", + "Cortex XDR":"️", + "CrowdStrike":"Implemented", + "Cybereason":"Not Implemented", + "ESET Inspect":"Not Implemented", + "Elastic":"Not Implemented", + "Harfanglab":"Not 
Implemented", + "LimaCharlie":"Not Implemented", + "MDE":"Not Implemented", + "Qualys":"Not Implemented", + "Sentinel One":"Not Implemented", + "Sophos":"Not Implemented", + "Symantec SES Complete":"Not Implemented", + "Sysmon":"Not Implemented", + "Trellix":"Implemented", + "Trend Micro":"Not Implemented", + "WatchGuard":"Not Implemented" }, { "Telemetry Feature Category":"PowerShell Activity", "Sub-Category":"Script-Block Activity", - "Carbon Black":"Yes", - "Cortex XDR":"Via EventLogs", - "CrowdStrike":"Yes", - "Cybereason":"No", - "ESET Inspect":"Yes", - "Elastic":"No", - "Harfanglab":"Yes", - "LimaCharlie":"No", - "MDE":"Yes", - "Qualys":"No", - "Sentinel One":"Yes", - "Symantec SES Complete":"Yes", - "Sysmon":"No", - "Trellix":"Yes", - "Trend Micro":"No", - "WatchGuard":"No" + "Carbon Black":"Implemented", + "Cortex XDR":"", + "CrowdStrike":"Implemented", + "Cybereason":"Not Implemented", + "ESET Inspect":"Implemented", + "Elastic":"Not Implemented", + "Harfanglab":"Implemented", + "LimaCharlie":"Not Implemented", + "MDE":"Implemented", + "Qualys":"Not Implemented", + "Sentinel One":"Implemented", + "Sophos":"Partially Implemented", + "Symantec SES Complete":"Implemented", + "Sysmon":"Not Implemented", + "Trellix":"Implemented", + "Trend Micro":"Not Implemented", + "WatchGuard":"Not Implemented" } ] From 512e8397a808e352a3f5185cd21d1618f1d5713e Mon Sep 17 00:00:00 2001 From: Kostas Date: Wed, 22 May 2024 11:10:54 -0700 Subject: [PATCH 2/3] Update EDR_telem.json --- EDR_telem.json | 1654 ++++++++++++++++++++++++------------------------ 1 file changed, 827 insertions(+), 827 deletions(-) diff --git a/EDR_telem.json b/EDR_telem.json index 8fc47dd..d2217c2 100644 --- a/EDR_telem.json +++ b/EDR_telem.json 
@@ -2,1114 +2,1114 @@
 {
 "Telemetry Feature Category":"Process Activity",
 "Sub-Category":"Process Creation",
- "Carbon Black":"Implemented",
- "Cortex XDR":"Implemented",
- "CrowdStrike":"Implemented",
- "Cybereason":"Implemented",
- "ESET Inspect":"Implemented",
- "Elastic":"Implemented",
- "Harfanglab":"Implemented",
- "LimaCharlie":"Implemented",
- "MDE":"Implemented",
- "Qualys":"Implemented",
- "Sentinel One":"Implemented",
- "Sophos":"Implemented",
- "Symantec SES Complete":"Implemented",
- "Sysmon":"Implemented",
- "Trellix":"Implemented",
- "Trend Micro":"Implemented",
- "WatchGuard":"Implemented"
+ "Carbon Black":"Yes",
+ "Cortex XDR":"Yes",
+ "CrowdStrike":"Yes",
+ "Cybereason":"Yes",
+ "ESET Inspect":"Yes",
+ "Elastic":"Yes",
+ "Harfanglab":"Yes",
+ "LimaCharlie":"Yes",
+ "MDE":"Yes",
+ "Qualys":"Yes",
+ "Sentinel One":"Yes",
+ "Sophos":"Yes",
+ "Symantec SES Complete":"Yes",
+ "Sysmon":"Yes",
+ "Trellix":"Yes",
+ "Trend Micro":"Yes",
+ "WatchGuard":"Yes"
 },
 {
 "Telemetry Feature Category":null,
 "Sub-Category":"Process Termination",
- "Carbon Black":"Partially Implemented",
- "Cortex XDR":"Implemented",
- "CrowdStrike":"Implemented",
- "Cybereason":"Implemented",
- "ESET Inspect":"Implemented",
- "Elastic":"Implemented",
- "Harfanglab":"Not Implemented",
- "LimaCharlie":"Implemented",
- "MDE":"Implemented",
- "Qualys":"Implemented",
- "Sentinel One":"Not Implemented",
- "Sophos":"Not Implemented",
- "Symantec SES Complete":"Implemented",
- "Sysmon":"Implemented",
- "Trellix":"Not Implemented",
+ "Carbon Black":"Partially",
+ "Cortex XDR":"Yes",
+ "CrowdStrike":"Yes",
+ "Cybereason":"Yes",
+ "ESET Inspect":"Yes",
+ "Elastic":"Yes",
+ "Harfanglab":"No",
+ "LimaCharlie":"Yes",
+ "MDE":"Yes",
+ "Qualys":"Yes",
+ "Sentinel One":"No",
+ "Sophos":"No",
+ "Symantec SES Complete":"Yes",
+ "Sysmon":"Yes",
+ "Trellix":"No",
 "Trend Micro":"️",
- "WatchGuard":"Not Implemented"
+ "WatchGuard":"No"
 },
 {
 "Telemetry Feature Category":null,
 "Sub-Category":"Process Access",
- "Carbon Black":"Implemented",
- "Cortex XDR":"Implemented",
- "CrowdStrike":"Implemented",
- "Cybereason":"Implemented",
- "ESET Inspect":"Partially Implemented",
- "Elastic":"Implemented",
- "Harfanglab":"Implemented",
- "LimaCharlie":"Implemented",
- "MDE":"Implemented",
- "Qualys":"Not Implemented",
- "Sentinel One":"Implemented",
- "Sophos":"Not Implemented",
- "Symantec SES Complete":"Implemented",
- "Sysmon":"Implemented",
- "Trellix":"Implemented",
- "Trend Micro":"Implemented",
- "WatchGuard":"Not Implemented"
+ "Carbon Black":"Yes",
+ "Cortex XDR":"Yes",
+ "CrowdStrike":"Yes",
+ "Cybereason":"Yes",
+ "ESET Inspect":"Partially",
+ "Elastic":"Yes",
+ "Harfanglab":"Yes",
+ "LimaCharlie":"Yes",
+ "MDE":"Yes",
+ "Qualys":"No",
+ "Sentinel One":"Yes",
+ "Sophos":"No",
+ "Symantec SES Complete":"Yes",
+ "Sysmon":"Yes",
+ "Trellix":"Yes",
+ "Trend Micro":"Yes",
+ "WatchGuard":"No"
 },
 {
 "Telemetry Feature Category":null,
 "Sub-Category":"Image\/Library Loaded",
- "Carbon Black":"Implemented",
- "Cortex XDR":"Implemented",
- "CrowdStrike":"Implemented",
- "Cybereason":"Implemented",
- "ESET Inspect":"Implemented",
- "Elastic":"Implemented",
- "Harfanglab":"Implemented",
- "LimaCharlie":"Implemented",
- "MDE":"Implemented",
- "Qualys":"Implemented",
- "Sentinel One":"Implemented",
- "Sophos":"Not Implemented",
- "Symantec SES Complete":"Implemented",
- "Sysmon":"Implemented",
- "Trellix":"Implemented",
- "Trend Micro":"Implemented",
- "WatchGuard":"Implemented"
+ "Carbon Black":"Yes",
+ "Cortex XDR":"Yes",
+ "CrowdStrike":"Yes",
+ "Cybereason":"Yes",
+ "ESET Inspect":"Yes",
+ "Elastic":"Yes",
+ "Harfanglab":"Yes",
+ "LimaCharlie":"Yes",
+ "MDE":"Yes",
+ "Qualys":"Yes",
+ "Sentinel One":"Yes",
+ "Sophos":"No",
+ "Symantec SES Complete":"Yes",
+ "Sysmon":"Yes",
+ "Trellix":"Yes",
+ "Trend Micro":"Yes",
+ "WatchGuard":"Yes"
 },
 {
 "Telemetry Feature Category":null,
 "Sub-Category":"Remote Thread Creation",
- "Carbon Black":"Implemented",
- "Cortex XDR":"Implemented",
- "CrowdStrike":"Implemented",
- "Cybereason":"Implemented",
- "ESET Inspect":"Implemented",
- "Elastic":"Implemented",
- "Harfanglab":"Implemented",
- "LimaCharlie":"Implemented",
- "MDE":"Implemented",
- "Qualys":"Not Implemented",
- "Sentinel One":"Implemented",
- "Sophos":"Not Implemented",
- "Symantec SES Complete":"Not Implemented",
- "Sysmon":"Implemented",
- "Trellix":"Implemented",
- "Trend Micro":"Implemented",
- "WatchGuard":"Implemented"
+ "Carbon Black":"Yes",
+ "Cortex XDR":"Yes",
+ "CrowdStrike":"Yes",
+ "Cybereason":"Yes",
+ "ESET Inspect":"Yes",
+ "Elastic":"Yes",
+ "Harfanglab":"Yes",
+ "LimaCharlie":"Yes",
+ "MDE":"Yes",
+ "Qualys":"No",
+ "Sentinel One":"Yes",
+ "Sophos":"No",
+ "Symantec SES Complete":"No",
+ "Sysmon":"Yes",
+ "Trellix":"Yes",
+ "Trend Micro":"Yes",
+ "WatchGuard":"Yes"
 },
 {
 "Telemetry Feature Category":null,
 "Sub-Category":"Process Tampering Activity",
- "Carbon Black":"Partially Implemented",
- "Cortex XDR":"Partially Implemented",
- "CrowdStrike":"Implemented",
+ "Carbon Black":"Partially",
+ "Cortex XDR":"Partially",
+ "CrowdStrike":"Yes",
 "Cybereason":"Pending Response",
- "ESET Inspect":"Not Implemented",
- "Elastic":"Implemented",
- "Harfanglab":"Implemented",
- "LimaCharlie":"Implemented",
- "MDE":"Implemented",
- "Qualys":"Not Implemented",
- "Sentinel One":"Partially Implemented",
- "Sophos":"Not Implemented",
- "Symantec SES Complete":"Implemented",
- "Sysmon":"Implemented",
- "Trellix":"Implemented",
- "Trend Micro":"Implemented",
- "WatchGuard":"Not Implemented"
+ "ESET Inspect":"No",
+ "Elastic":"Yes",
+ "Harfanglab":"Yes",
+ "LimaCharlie":"Yes",
+ "MDE":"Yes",
+ "Qualys":"No",
+ "Sentinel One":"Partially",
+ "Sophos":"No",
+ "Symantec SES Complete":"Yes",
+ "Sysmon":"Yes",
+ "Trellix":"Yes",
+ "Trend Micro":"Yes",
+ "WatchGuard":"No"
 },
 {
 "Telemetry Feature Category":"File Manipulation",
 "Sub-Category":"File Creation",
- "Carbon Black":"Implemented",
- "Cortex XDR":"Implemented",
- "CrowdStrike":"Implemented",
- "Cybereason":"Implemented",
- "ESET Inspect":"Partially Implemented",
- "Elastic":"Implemented",
- "Harfanglab":"Implemented",
- "LimaCharlie":"Implemented",
- "MDE":"Implemented",
- "Qualys":"Implemented",
- "Sentinel One":"Implemented",
- "Sophos":"Not Implemented",
- "Symantec SES Complete":"Implemented",
- "Sysmon":"Implemented",
- "Trellix":"Implemented",
- "Trend Micro":"Implemented",
- "WatchGuard":"Partially Implemented"
+ "Carbon Black":"Yes",
+ "Cortex XDR":"Yes",
+ "CrowdStrike":"Yes",
+ "Cybereason":"Yes",
+ "ESET Inspect":"Partially",
+ "Elastic":"Yes",
+ "Harfanglab":"Yes",
+ "LimaCharlie":"Yes",
+ "MDE":"Yes",
+ "Qualys":"Yes",
+ "Sentinel One":"Yes",
+ "Sophos":"No",
+ "Symantec SES Complete":"Yes",
+ "Sysmon":"Yes",
+ "Trellix":"Yes",
+ "Trend Micro":"Yes",
+ "WatchGuard":"Partially"
 },
 {
 "Telemetry Feature Category":null,
 "Sub-Category":"File Opened",
- "Carbon Black":"Implemented",
- "Cortex XDR":"Not Implemented",
- "CrowdStrike":"Partially Implemented",
- "Cybereason":"Not Implemented",
- "ESET Inspect":"Not Implemented",
- "Elastic":"Implemented",
- "Harfanglab":"Implemented",
- "LimaCharlie":"Not Implemented",
- "MDE":"Not Implemented",
- "Qualys":"Not Implemented",
- "Sentinel One":"Not Implemented",
- "Sophos":"Not Implemented",
- "Symantec SES Complete":"Implemented",
- "Sysmon":"Not Implemented",
- "Trellix":"Implemented",
- "Trend Micro":"Partially Implemented",
- "WatchGuard":"Partially Implemented"
+ "Carbon Black":"Yes",
+ "Cortex XDR":"No",
+ "CrowdStrike":"Partially",
+ "Cybereason":"No",
+ "ESET Inspect":"No",
+ "Elastic":"Yes",
+ "Harfanglab":"Yes",
+ "LimaCharlie":"No",
+ "MDE":"No",
+ "Qualys":"No",
+ "Sentinel One":"No",
+ "Sophos":"No",
+ "Symantec SES Complete":"Yes",
+ "Sysmon":"No",
+ "Trellix":"Yes",
+ "Trend Micro":"Partially",
+ "WatchGuard":"Partially"
 },
 {
 "Telemetry Feature Category":null,
 "Sub-Category":"File Deletion",
- "Carbon Black":"Implemented",
- "Cortex XDR":"Implemented",
- "CrowdStrike":"Implemented",
- "Cybereason":"Implemented",
- "ESET Inspect":"Implemented",
- "Elastic":"Implemented",
- "Harfanglab":"Not Implemented",
- "LimaCharlie":"Implemented",
- "MDE":"Implemented",
- "Qualys":"Implemented",
- "Sentinel One":"Implemented",
- "Sophos":"Not Implemented",
- "Symantec SES Complete":"Implemented",
- "Sysmon":"Implemented",
- "Trellix":"Implemented",
- "Trend Micro":"Not Implemented",
- "WatchGuard":"Not Implemented"
+ "Carbon Black":"Yes",
+ "Cortex XDR":"Yes",
+ "CrowdStrike":"Yes",
+ "Cybereason":"Yes",
+ "ESET Inspect":"Yes",
+ "Elastic":"Yes",
+ "Harfanglab":"No",
+ "LimaCharlie":"Yes",
+ "MDE":"Yes",
+ "Qualys":"Yes",
+ "Sentinel One":"Yes",
+ "Sophos":"No",
+ "Symantec SES Complete":"Yes",
+ "Sysmon":"Yes",
+ "Trellix":"Yes",
+ "Trend Micro":"No",
+ "WatchGuard":"No"
 },
 {
 "Telemetry Feature Category":null,
 "Sub-Category":"File Modification",
- "Carbon Black":"Implemented",
- "Cortex XDR":"Implemented",
- "CrowdStrike":"Implemented",
- "Cybereason":"Not Implemented",
- "ESET Inspect":"Implemented",
- "Elastic":"Implemented",
- "Harfanglab":"Implemented",
- "LimaCharlie":"Implemented",
- "MDE":"Implemented",
- "Qualys":"Not Implemented",
- "Sentinel One":"Implemented",
- "Sophos":"Not Implemented",
- "Symantec SES Complete":"Implemented",
- "Sysmon":"Not Implemented",
- "Trellix":"Implemented",
- "Trend Micro":"Implemented",
- "WatchGuard":"Not Implemented"
+ "Carbon Black":"Yes",
+ "Cortex XDR":"Yes",
+ "CrowdStrike":"Yes",
+ "Cybereason":"No",
+ "ESET Inspect":"Yes",
+ "Elastic":"Yes",
+ "Harfanglab":"Yes",
+ "LimaCharlie":"Yes",
+ "MDE":"Yes",
+ "Qualys":"No",
+ "Sentinel One":"Yes",
+ "Sophos":"No",
+ "Symantec SES Complete":"Yes",
+ "Sysmon":"No",
+ "Trellix":"Yes",
+ "Trend Micro":"Yes",
+ "WatchGuard":"No"
 },
 {
 "Telemetry Feature Category":null,
 "Sub-Category":"File Renaming",
- "Carbon Black":"Implemented",
- "Cortex XDR":"Implemented",
- "CrowdStrike":"Implemented",
- "Cybereason":"Implemented",
- "ESET Inspect":"Implemented",
- "Elastic":"Implemented",
- "Harfanglab":"Implemented",
- "LimaCharlie":"Not Implemented",
- "MDE":"Implemented",
- "Qualys":"Implemented",
- "Sentinel One":"Implemented",
- "Sophos":"Not Implemented",
- "Symantec SES Complete":"Implemented",
- "Sysmon":"Not Implemented",
- "Trellix":"Implemented",
- "Trend Micro":"Not Implemented",
- "WatchGuard":"Partially Implemented"
+ "Carbon Black":"Yes",
+ "Cortex XDR":"Yes",
+ "CrowdStrike":"Yes",
+ "Cybereason":"Yes",
+ "ESET Inspect":"Yes",
+ "Elastic":"Yes",
+ "Harfanglab":"Yes",
+ "LimaCharlie":"No",
+ "MDE":"Yes",
+ "Qualys":"Yes",
+ "Sentinel One":"Yes",
+ "Sophos":"No",
+ "Symantec SES Complete":"Yes",
+ "Sysmon":"No",
+ "Trellix":"Yes",
+ "Trend Micro":"No",
+ "WatchGuard":"Partially"
 },
 {
 "Telemetry Feature Category":"User Account Activity",
 "Sub-Category":"Local Account Creation",
- "Carbon Black":"Not Implemented",
+ "Carbon Black":"No",
 "Cortex XDR":"",
- "CrowdStrike":"Implemented",
- "Cybereason":"Not Implemented",
- "ESET Inspect":"Implemented",
+ "CrowdStrike":"Yes",
+ "Cybereason":"No",
+ "ESET Inspect":"Yes",
 "Elastic":"",
 "Harfanglab":"",
- "LimaCharlie":"Not Implemented",
- "MDE":"Implemented",
- "Qualys":"Not Implemented",
- "Sentinel One":"Not Implemented",
+ "LimaCharlie":"No",
+ "MDE":"Yes",
+ "Qualys":"No",
+ "Sentinel One":"No",
 "Sophos":"",
- "Symantec SES Complete":"Not Implemented",
- "Sysmon":"Not Implemented",
- "Trellix":"Implemented",
- "Trend Micro":"Not Implemented",
- "WatchGuard":"Not Implemented"
+ "Symantec SES Complete":"No",
+ "Sysmon":"No",
+ "Trellix":"Yes",
+ "Trend Micro":"No",
+ "WatchGuard":"No"
 },
 {
 "Telemetry Feature Category":null,
 "Sub-Category":"Local Account Modification",
- "Carbon Black":"Not Implemented",
+ "Carbon Black":"No",
 "Cortex XDR":"",
- "CrowdStrike":"Partially Implemented",
- "Cybereason":"Not Implemented",
- "ESET Inspect":"Implemented",
+ "CrowdStrike":"Partially",
+ "Cybereason":"No",
+ "ESET Inspect":"Yes",
 "Elastic":"",
 "Harfanglab":"",
- "LimaCharlie":"Not Implemented",
- "MDE":"Implemented",
- "Qualys":"Not Implemented",
- "Sentinel One":"Not Implemented",
+ "LimaCharlie":"No",
+ "MDE":"Yes",
+ "Qualys":"No",
+ "Sentinel One":"No",
 "Sophos":"",
- "Symantec SES Complete":"Not Implemented",
- "Sysmon":"Not Implemented",
- "Trellix":"Implemented",
- "Trend Micro":"Not Implemented",
- "WatchGuard":"Not Implemented"
+ "Symantec SES Complete":"No",
+ "Sysmon":"No",
+ "Trellix":"Yes",
+ "Trend Micro":"No",
+ "WatchGuard":"No"
 },
 {
 "Telemetry Feature Category":null,
 "Sub-Category":"Local Account Deletion",
- "Carbon Black":"Not Implemented",
+ "Carbon Black":"No",
 "Cortex XDR":"",
- "CrowdStrike":"Implemented",
- "Cybereason":"Not Implemented",
- "ESET Inspect":"Implemented",
+ "CrowdStrike":"Yes",
+ "Cybereason":"No",
+ "ESET Inspect":"Yes",
 "Elastic":"",
 "Harfanglab":"",
- "LimaCharlie":"Not Implemented",
- "MDE":"Implemented",
- "Qualys":"Not Implemented",
- "Sentinel One":"Not Implemented",
+ "LimaCharlie":"No",
+ "MDE":"Yes",
+ "Qualys":"No",
+ "Sentinel One":"No",
 "Sophos":"",
- "Symantec SES Complete":"Not Implemented",
- "Sysmon":"Not Implemented",
- "Trellix":"Implemented",
- "Trend Micro":"Not Implemented",
- "WatchGuard":"Not Implemented"
+ "Symantec SES Complete":"No",
+ "Sysmon":"No",
+ "Trellix":"Yes",
+ "Trend Micro":"No",
+ "WatchGuard":"No"
 },
 {
 "Telemetry Feature Category":null,
 "Sub-Category":"Account Login",
 "Carbon Black":"",
- "Cortex XDR":"Implemented",
- "CrowdStrike":"Implemented",
- "Cybereason":"Implemented",
- "ESET Inspect":"Implemented",
- "Elastic":"Implemented",
- "Harfanglab":"Implemented",
- "LimaCharlie":"Partially Implemented",
- "MDE":"Implemented",
- "Qualys":"Not Implemented",
- "Sentinel One":"Implemented",
+ "Cortex XDR":"Yes",
+ "CrowdStrike":"Yes",
+ "Cybereason":"Yes",
+ "ESET Inspect":"Yes",
+ "Elastic":"Yes",
+ "Harfanglab":"Yes",
+ "LimaCharlie":"Partially",
+ "MDE":"Yes",
+ "Qualys":"No",
+ "Sentinel One":"Yes",
 "Sophos":"",
- "Symantec SES Complete":"Implemented",
- "Sysmon":"Not Implemented",
- "Trellix":"Implemented",
+ "Symantec SES Complete":"Yes",
+ "Sysmon":"No",
+ "Trellix":"Yes",
 "Trend Micro":"",
- "WatchGuard":"Implemented"
+ "WatchGuard":"Yes"
 },
 {
 "Telemetry Feature Category":null,
 "Sub-Category":"Account Logoff",
 "Carbon Black":"",
- "Cortex XDR":"Implemented",
- "CrowdStrike":"Implemented",
- "Cybereason":"Implemented",
- "ESET Inspect":"Implemented",
- "Elastic":"Implemented",
- "Harfanglab":"Implemented",
- "LimaCharlie":"Not Implemented",
- "MDE":"Not Implemented",
- "Qualys":"Not Implemented",
- "Sentinel One":"Not Implemented",
+ "Cortex XDR":"Yes",
+ "CrowdStrike":"Yes",
+ "Cybereason":"Yes",
+ "ESET Inspect":"Yes",
+ "Elastic":"Yes",
+ "Harfanglab":"Yes",
+ "LimaCharlie":"No",
+ "MDE":"No",
+ "Qualys":"No",
+ "Sentinel One":"No",
 "Sophos":"",
- "Symantec SES Complete":"Implemented",
- "Sysmon":"Not Implemented",
- "Trellix":"Implemented",
+ "Symantec SES Complete":"Yes",
+ "Sysmon":"No",
+ "Trellix":"Yes",
 "Trend Micro":"",
- "WatchGuard":"Implemented"
+ "WatchGuard":"Yes"
 },
 {
 "Telemetry Feature Category":"Network Activity",
 "Sub-Category":"TCP Connection",
- "Carbon Black":"Implemented",
- "Cortex XDR":"Implemented",
- "CrowdStrike":"Implemented",
- "Cybereason":"Implemented",
- "ESET Inspect":"Implemented",
- "Elastic":"Implemented",
- "Harfanglab":"Implemented",
- "LimaCharlie":"Implemented",
- "MDE":"Implemented",
- "Qualys":"Implemented",
- "Sentinel One":"Implemented",
- "Sophos":"Implemented",
+ "Carbon Black":"Yes",
+ "Cortex XDR":"Yes",
+ "CrowdStrike":"Yes",
+ "Cybereason":"Yes",
+ "ESET Inspect":"Yes",
+ "Elastic":"Yes",
+ "Harfanglab":"Yes",
+ "LimaCharlie":"Yes",
+ "MDE":"Yes",
+ "Qualys":"Yes",
+ "Sentinel One":"Yes",
+ "Sophos":"Yes",
 "Symantec SES Complete":"️",
- "Sysmon":"Implemented",
- "Trellix":"Implemented",
- "Trend Micro":"Implemented",
- "WatchGuard":"Implemented"
+ "Sysmon":"Yes",
+ "Trellix":"Yes",
+ "Trend Micro":"Yes",
+ "WatchGuard":"Yes"
 },
 {
 "Telemetry Feature Category":null,
 "Sub-Category":"UDP Connection",
- "Carbon Black":"Implemented",
- "Cortex XDR":"Implemented",
- "CrowdStrike":"Implemented",
- "Cybereason":"Implemented",
- "ESET Inspect":"Not Implemented",
- "Elastic":"Implemented",
+ "Carbon Black":"Yes",
+ "Cortex XDR":"Yes",
+ "CrowdStrike":"Yes",
+ "Cybereason":"Yes",
+ "ESET Inspect":"No",
+ "Elastic":"Yes",
 "Harfanglab":"",
- "LimaCharlie":"Implemented",
- "MDE":"Implemented",
- "Qualys":"Implemented",
- "Sentinel One":"Not Implemented",
- "Sophos":"Implemented",
+ "LimaCharlie":"Yes",
+ "MDE":"Yes",
+ "Qualys":"Yes",
+ "Sentinel One":"No",
+ "Sophos":"Yes",
 "Symantec SES Complete":"️",
- "Sysmon":"Implemented",
- "Trellix":"Implemented",
- "Trend Micro":"Implemented",
- "WatchGuard":"Implemented"
+ "Sysmon":"Yes",
+ "Trellix":"Yes",
+ "Trend Micro":"Yes",
+ "WatchGuard":"Yes"
 },
 {
 "Telemetry Feature Category":null,
 "Sub-Category":"URL",
- "Carbon Black":"Not Implemented",
- "Cortex XDR":"Not Implemented",
- "CrowdStrike":"Implemented",
- "Cybereason":"Not Implemented",
- "ESET Inspect":"Implemented",
- "Elastic":"Partially Implemented",
- "Harfanglab":"Implemented",
- "LimaCharlie":"Partially Implemented",
- "MDE":"Implemented",
- "Qualys":"Implemented",
+ "Carbon Black":"No",
+ "Cortex XDR":"No",
+ "CrowdStrike":"Yes",
+ "Cybereason":"No",
+ "ESET Inspect":"Yes",
+ "Elastic":"Partially",
+ "Harfanglab":"Yes",
+ "LimaCharlie":"Partially",
+ "MDE":"Yes",
+ "Qualys":"Yes",
 "Sentinel One":"️",
- "Sophos":"Implemented",
- "Symantec SES Complete":"Partially Implemented",
- "Sysmon":"Not Implemented",
- "Trellix":"Implemented",
- "Trend Micro":"Not Implemented",
- "WatchGuard":"Partially Implemented"
+ "Sophos":"Yes",
+ "Symantec SES Complete":"Partially",
+ "Sysmon":"No",
+ "Trellix":"Yes",
+ "Trend Micro":"No",
+ "WatchGuard":"Partially"
 },
 {
 "Telemetry Feature Category":null,
 "Sub-Category":"DNS Query",
- "Carbon Black":"Implemented",
- "Cortex XDR":"Implemented",
-
"CrowdStrike":"Implemented", - "Cybereason":"Implemented", - "ESET Inspect":"Implemented", - "Elastic":"Implemented", - "Harfanglab":"Implemented", - "LimaCharlie":"Implemented", - "MDE":"Implemented", - "Qualys":"Not Implemented", - "Sentinel One":"Implemented", - "Sophos":"Not Implemented", - "Symantec SES Complete":"Not Implemented", - "Sysmon":"Implemented", - "Trellix":"Implemented", - "Trend Micro":"Implemented", - "WatchGuard":"Implemented" + "Carbon Black":"Yes", + "Cortex XDR":"Yes", + "CrowdStrike":"Yes", + "Cybereason":"Yes", + "ESET Inspect":"Yes", + "Elastic":"Yes", + "Harfanglab":"Yes", + "LimaCharlie":"Yes", + "MDE":"Yes", + "Qualys":"No", + "Sentinel One":"Yes", + "Sophos":"No", + "Symantec SES Complete":"No", + "Sysmon":"Yes", + "Trellix":"Yes", + "Trend Micro":"Yes", + "WatchGuard":"Yes" }, { "Telemetry Feature Category":null, "Sub-Category":"File Downloaded", - "Carbon Black":"Not Implemented", - "Cortex XDR":"Not Implemented", - "CrowdStrike":"Implemented", - "Cybereason":"Partially Implemented", - "ESET Inspect":"Partially Implemented", - "Elastic":"Not Implemented", - "Harfanglab":"Not Implemented", - "LimaCharlie":"Partially Implemented", - "MDE":"Implemented", - "Qualys":"Not Implemented", - "Sentinel One":"Not Implemented", - "Sophos":"Not Implemented", - "Symantec SES Complete":"Not Implemented", - "Sysmon":"Not Implemented", - "Trellix":"Not Implemented", - "Trend Micro":"Implemented", - "WatchGuard":"Implemented" + "Carbon Black":"No", + "Cortex XDR":"No", + "CrowdStrike":"Yes", + "Cybereason":"Partially", + "ESET Inspect":"Partially", + "Elastic":"No", + "Harfanglab":"No", + "LimaCharlie":"Partially", + "MDE":"Yes", + "Qualys":"No", + "Sentinel One":"No", + "Sophos":"No", + "Symantec SES Complete":"No", + "Sysmon":"No", + "Trellix":"No", + "Trend Micro":"Yes", + "WatchGuard":"Yes" }, { "Telemetry Feature Category":"Hash Algorithms", "Sub-Category":"MD5", - "Carbon Black":"Implemented", - "Cortex XDR":"Implemented", - 
"CrowdStrike":"Implemented", - "Cybereason":"Implemented", - "ESET Inspect":"Implemented", - "Elastic":"Implemented", - "Harfanglab":"Implemented", - "LimaCharlie":"Implemented", - "MDE":"Implemented", - "Qualys":"Implemented", - "Sentinel One":"Implemented", - "Sophos":"Not Implemented", - "Symantec SES Complete":"Implemented", - "Sysmon":"Implemented", - "Trellix":"Implemented", - "Trend Micro":"Implemented", - "WatchGuard":"Implemented" + "Carbon Black":"Yes", + "Cortex XDR":"Yes", + "CrowdStrike":"Yes", + "Cybereason":"Yes", + "ESET Inspect":"Yes", + "Elastic":"Yes", + "Harfanglab":"Yes", + "LimaCharlie":"Yes", + "MDE":"Yes", + "Qualys":"Yes", + "Sentinel One":"Yes", + "Sophos":"No", + "Symantec SES Complete":"Yes", + "Sysmon":"Yes", + "Trellix":"Yes", + "Trend Micro":"Yes", + "WatchGuard":"Yes" }, { "Telemetry Feature Category":null, "Sub-Category":"SHA", - "Carbon Black":"Implemented", - "Cortex XDR":"Implemented", - "CrowdStrike":"Implemented", - "Cybereason":"Implemented", - "ESET Inspect":"Implemented", - "Elastic":"Implemented", - "Harfanglab":"Implemented", - "LimaCharlie":"Implemented", - "MDE":"Implemented", - "Qualys":"Implemented", - "Sentinel One":"Implemented", - "Sophos":"Implemented", - "Symantec SES Complete":"Implemented", - "Sysmon":"Implemented", - "Trellix":"Implemented", - "Trend Micro":"Implemented", - "WatchGuard":"Not Implemented" + "Carbon Black":"Yes", + "Cortex XDR":"Yes", + "CrowdStrike":"Yes", + "Cybereason":"Yes", + "ESET Inspect":"Yes", + "Elastic":"Yes", + "Harfanglab":"Yes", + "LimaCharlie":"Yes", + "MDE":"Yes", + "Qualys":"Yes", + "Sentinel One":"Yes", + "Sophos":"Yes", + "Symantec SES Complete":"Yes", + "Sysmon":"Yes", + "Trellix":"Yes", + "Trend Micro":"Yes", + "WatchGuard":"No" }, { "Telemetry Feature Category":null, "Sub-Category":"IMPHASH", - "Carbon Black":"Not Implemented", - "Cortex XDR":"Not Implemented", - "CrowdStrike":"Not Implemented", - "Cybereason":"Not Implemented", - "ESET Inspect":"Not Implemented", - 
"Elastic":"Partially Implemented", - "Harfanglab":"Implemented", - "LimaCharlie":"Not Implemented", - "MDE":"Not Implemented", - "Qualys":"Not Implemented", - "Sentinel One":"Not Implemented", - "Sophos":"Not Implemented", - "Symantec SES Complete":"Not Implemented", - "Sysmon":"Implemented", - "Trellix":"Not Implemented", - "Trend Micro":"Not Implemented", - "WatchGuard":"Not Implemented" + "Carbon Black":"No", + "Cortex XDR":"No", + "CrowdStrike":"No", + "Cybereason":"No", + "ESET Inspect":"No", + "Elastic":"Partially", + "Harfanglab":"Yes", + "LimaCharlie":"No", + "MDE":"No", + "Qualys":"No", + "Sentinel One":"No", + "Sophos":"No", + "Symantec SES Complete":"No", + "Sysmon":"Yes", + "Trellix":"No", + "Trend Micro":"No", + "WatchGuard":"No" }, { "Telemetry Feature Category":"Registry Activity", "Sub-Category":"Key\/Value Creation", - "Carbon Black":"Implemented", - "Cortex XDR":"Implemented", - "CrowdStrike":"Partially Implemented", - "Cybereason":"Partially Implemented", - "ESET Inspect":"Implemented", - "Elastic":"Implemented", - "Harfanglab":"Implemented", - "LimaCharlie":"Implemented", - "MDE":"Implemented", - "Qualys":"Implemented", - "Sentinel One":"Implemented", - "Sophos":"Partially Implemented", - "Symantec SES Complete":"Implemented", - "Sysmon":"Implemented", - "Trellix":"Implemented", - "Trend Micro":"Implemented", - "WatchGuard":"Implemented" + "Carbon Black":"Yes", + "Cortex XDR":"Yes", + "CrowdStrike":"Partially", + "Cybereason":"Partially", + "ESET Inspect":"Yes", + "Elastic":"Yes", + "Harfanglab":"Yes", + "LimaCharlie":"Yes", + "MDE":"Yes", + "Qualys":"Yes", + "Sentinel One":"Yes", + "Sophos":"Partially", + "Symantec SES Complete":"Yes", + "Sysmon":"Yes", + "Trellix":"Yes", + "Trend Micro":"Yes", + "WatchGuard":"Yes" }, { "Telemetry Feature Category":null, "Sub-Category":"Key\/Value Modification", - "Carbon Black":"Implemented", - "Cortex XDR":"Implemented", - "CrowdStrike":"Partially Implemented", - "Cybereason":"Partially Implemented", - "ESET 
Inspect":"Implemented", - "Elastic":"Implemented", - "Harfanglab":"Implemented", - "LimaCharlie":"Implemented", - "MDE":"Implemented", - "Qualys":"Not Implemented", - "Sentinel One":"Implemented", - "Sophos":"Not Implemented", - "Symantec SES Complete":"Implemented", - "Sysmon":"Implemented", - "Trellix":"Implemented", - "Trend Micro":"Implemented", - "WatchGuard":"Implemented" + "Carbon Black":"Yes", + "Cortex XDR":"Yes", + "CrowdStrike":"Partially", + "Cybereason":"Partially", + "ESET Inspect":"Yes", + "Elastic":"Yes", + "Harfanglab":"Yes", + "LimaCharlie":"Yes", + "MDE":"Yes", + "Qualys":"No", + "Sentinel One":"Yes", + "Sophos":"No", + "Symantec SES Complete":"Yes", + "Sysmon":"Yes", + "Trellix":"Yes", + "Trend Micro":"Yes", + "WatchGuard":"Yes" }, { "Telemetry Feature Category":null, "Sub-Category":"Key\/Value Deletion", - "Carbon Black":"Implemented", - "Cortex XDR":"Implemented", - "CrowdStrike":"Not Implemented", - "Cybereason":"Partially Implemented", - "ESET Inspect":"Implemented", - "Elastic":"Implemented", - "Harfanglab":"Implemented", - "LimaCharlie":"Implemented", - "MDE":"Implemented", - "Qualys":"Implemented", - "Sentinel One":"Implemented", - "Sophos":"Not Implemented", - "Symantec SES Complete":"Implemented", - "Sysmon":"Implemented", - "Trellix":"Implemented", - "Trend Micro":"Implemented", - "WatchGuard":"Implemented" + "Carbon Black":"Yes", + "Cortex XDR":"Yes", + "CrowdStrike":"No", + "Cybereason":"Partially", + "ESET Inspect":"Yes", + "Elastic":"Yes", + "Harfanglab":"Yes", + "LimaCharlie":"Yes", + "MDE":"Yes", + "Qualys":"Yes", + "Sentinel One":"Yes", + "Sophos":"No", + "Symantec SES Complete":"Yes", + "Sysmon":"Yes", + "Trellix":"Yes", + "Trend Micro":"Yes", + "WatchGuard":"Yes" }, { "Telemetry Feature Category":"Schedule Task Activity", "Sub-Category":"Scheduled Task Creation", - "Carbon Black":"Not Implemented", + "Carbon Black":"No", "Cortex XDR":"", - "CrowdStrike":"Implemented", - "Cybereason":"Implemented", - "ESET Inspect":"Not 
Implemented", + "CrowdStrike":"Yes", + "Cybereason":"Yes", + "ESET Inspect":"No", "Elastic":"", "Harfanglab":"", - "LimaCharlie":"Not Implemented", - "MDE":"Implemented", - "Qualys":"Not Implemented", - "Sentinel One":"Implemented", + "LimaCharlie":"No", + "MDE":"Yes", + "Qualys":"No", + "Sentinel One":"Yes", "Sophos":"", - "Symantec SES Complete":"Not Implemented", - "Sysmon":"Not Implemented", - "Trellix":"Not Implemented", + "Symantec SES Complete":"No", + "Sysmon":"No", + "Trellix":"No", "Trend Micro":"", - "WatchGuard":"Not Implemented" + "WatchGuard":"No" }, { "Telemetry Feature Category":null, "Sub-Category":"Scheduled Task Modification", - "Carbon Black":"Not Implemented", + "Carbon Black":"No", "Cortex XDR":"", - "CrowdStrike":"Implemented", - "Cybereason":"Implemented", - "ESET Inspect":"Not Implemented", + "CrowdStrike":"Yes", + "Cybereason":"Yes", + "ESET Inspect":"No", "Elastic":"", "Harfanglab":"", - "LimaCharlie":"Not Implemented", - "MDE":"Implemented", - "Qualys":"Not Implemented", - "Sentinel One":"Implemented", - "Sophos":"Not Implemented", - "Symantec SES Complete":"Not Implemented", - "Sysmon":"Not Implemented", - "Trellix":"Implemented", - "Trend Micro":"Not Implemented", - "WatchGuard":"Not Implemented" + "LimaCharlie":"No", + "MDE":"Yes", + "Qualys":"No", + "Sentinel One":"Yes", + "Sophos":"No", + "Symantec SES Complete":"No", + "Sysmon":"No", + "Trellix":"Yes", + "Trend Micro":"No", + "WatchGuard":"No" }, { "Telemetry Feature Category":null, "Sub-Category":"Scheduled Task Deletion", - "Carbon Black":"Not Implemented", + "Carbon Black":"No", "Cortex XDR":"", - "CrowdStrike":"Implemented", - "Cybereason":"Not Implemented", - "ESET Inspect":"Not Implemented", + "CrowdStrike":"Yes", + "Cybereason":"No", + "ESET Inspect":"No", "Elastic":"", "Harfanglab":"", - "LimaCharlie":"Not Implemented", - "MDE":"Implemented", - "Qualys":"Not Implemented", - "Sentinel One":"Implemented", - "Sophos":"Not Implemented", - "Symantec SES Complete":"Not 
Implemented", - "Sysmon":"Not Implemented", - "Trellix":"Not Implemented", - "Trend Micro":"Not Implemented", - "WatchGuard":"Not Implemented" + "LimaCharlie":"No", + "MDE":"Yes", + "Qualys":"No", + "Sentinel One":"Yes", + "Sophos":"No", + "Symantec SES Complete":"No", + "Sysmon":"No", + "Trellix":"No", + "Trend Micro":"No", + "WatchGuard":"No" }, { "Telemetry Feature Category":"Service Activity", "Sub-Category":"Service Creation", - "Carbon Black":"Partially Implemented", + "Carbon Black":"Partially", "Cortex XDR":"", - "CrowdStrike":"Implemented", - "Cybereason":"Implemented", - "ESET Inspect":"Not Implemented", + "CrowdStrike":"Yes", + "Cybereason":"Yes", + "ESET Inspect":"No", "Elastic":"", "Harfanglab":"", - "LimaCharlie":"Implemented", + "LimaCharlie":"Yes", "MDE":"", - "Qualys":"Not Implemented", - "Sentinel One":"Not Implemented", + "Qualys":"No", + "Sentinel One":"No", "Sophos":"", - "Symantec SES Complete":"Not Implemented", - "Sysmon":"Not Implemented", - "Trellix":"Not Implemented", - "Trend Micro":"Not Implemented", - "WatchGuard":"Partially Implemented" + "Symantec SES Complete":"No", + "Sysmon":"No", + "Trellix":"No", + "Trend Micro":"No", + "WatchGuard":"Partially" }, { "Telemetry Feature Category":null, "Sub-Category":"Service Modification", - "Carbon Black":"Not Implemented", + "Carbon Black":"No", "Cortex XDR":"", - "CrowdStrike":"Partially Implemented", - "Cybereason":"Not Implemented", - "ESET Inspect":"Not Implemented", + "CrowdStrike":"Partially", + "Cybereason":"No", + "ESET Inspect":"No", "Elastic":"", "Harfanglab":"", - "LimaCharlie":"Implemented", - "MDE":"Not Implemented", - "Qualys":"Not Implemented", - "Sentinel One":"Not Implemented", - "Sophos":"Not Implemented", - "Symantec SES Complete":"Not Implemented", - "Sysmon":"Not Implemented", - "Trellix":"Implemented", - "Trend Micro":"Not Implemented", - "WatchGuard":"Partially Implemented" + "LimaCharlie":"Yes", + "MDE":"No", + "Qualys":"No", + "Sentinel One":"No", + "Sophos":"No", + 
"Symantec SES Complete":"No", + "Sysmon":"No", + "Trellix":"Yes", + "Trend Micro":"No", + "WatchGuard":"Partially" }, { "Telemetry Feature Category":null, "Sub-Category":"Service Deletion", - "Carbon Black":"Not Implemented", - "Cortex XDR":"Not Implemented", - "CrowdStrike":"Not Implemented", - "Cybereason":"Not Implemented", - "ESET Inspect":"Not Implemented", + "Carbon Black":"No", + "Cortex XDR":"No", + "CrowdStrike":"No", + "Cybereason":"No", + "ESET Inspect":"No", "Elastic":"", - "Harfanglab":"Not Implemented", + "Harfanglab":"No", "LimaCharlie":"Pending Response", - "MDE":"Not Implemented", - "Qualys":"Not Implemented", - "Sentinel One":"Not Implemented", - "Sophos":"Not Implemented", - "Symantec SES Complete":"Not Implemented", - "Sysmon":"Not Implemented", - "Trellix":"Not Implemented", - "Trend Micro":"Not Implemented", - "WatchGuard":"Not Implemented" + "MDE":"No", + "Qualys":"No", + "Sentinel One":"No", + "Sophos":"No", + "Symantec SES Complete":"No", + "Sysmon":"No", + "Trellix":"No", + "Trend Micro":"No", + "WatchGuard":"No" }, { "Telemetry Feature Category":"Driver\/Module Activity", "Sub-Category":"Driver Loaded", - "Carbon Black":"Not Implemented", - "Cortex XDR":"Implemented", - "CrowdStrike":"Implemented", - "Cybereason":"Implemented", - "ESET Inspect":"Implemented", - "Elastic":"Implemented", - "Harfanglab":"Implemented", - "LimaCharlie":"Not Implemented", - "MDE":"Implemented", - "Qualys":"Not Implemented", - "Sentinel One":"Implemented", - "Sophos":"Not Implemented", - "Symantec SES Complete":"Not Implemented", - "Sysmon":"Implemented", - "Trellix":"Not Implemented", - "Trend Micro":"Not Implemented", - "WatchGuard":"Not Implemented" + "Carbon Black":"No", + "Cortex XDR":"Yes", + "CrowdStrike":"Yes", + "Cybereason":"Yes", + "ESET Inspect":"Yes", + "Elastic":"Yes", + "Harfanglab":"Yes", + "LimaCharlie":"No", + "MDE":"Yes", + "Qualys":"No", + "Sentinel One":"Yes", + "Sophos":"No", + "Symantec SES Complete":"No", + "Sysmon":"Yes", + 
"Trellix":"No", + "Trend Micro":"No", + "WatchGuard":"No" }, { "Telemetry Feature Category":null, "Sub-Category":"Driver Modification", - "Carbon Black":"Not Implemented", - "Cortex XDR":"Not Implemented", - "CrowdStrike":"Implemented", - "Cybereason":"Not Implemented", - "ESET Inspect":"Not Implemented", - "Elastic":"Not Implemented", - "Harfanglab":"Not Implemented", - "LimaCharlie":"Implemented", - "MDE":"Not Implemented", - "Qualys":"Not Implemented", - "Sentinel One":"Not Implemented", - "Sophos":"Not Implemented", - "Symantec SES Complete":"Not Implemented", - "Sysmon":"Not Implemented", - "Trellix":"Not Implemented", - "Trend Micro":"Not Implemented", - "WatchGuard":"Not Implemented" + "Carbon Black":"No", + "Cortex XDR":"No", + "CrowdStrike":"Yes", + "Cybereason":"No", + "ESET Inspect":"No", + "Elastic":"No", + "Harfanglab":"No", + "LimaCharlie":"Yes", + "MDE":"No", + "Qualys":"No", + "Sentinel One":"No", + "Sophos":"No", + "Symantec SES Complete":"No", + "Sysmon":"No", + "Trellix":"No", + "Trend Micro":"No", + "WatchGuard":"No" }, { "Telemetry Feature Category":null, "Sub-Category":"Driver Unloaded", - "Carbon Black":"Not Implemented", - "Cortex XDR":"Not Implemented", - "CrowdStrike":"Not Implemented", - "Cybereason":"Not Implemented", - "ESET Inspect":"Not Implemented", - "Elastic":"Not Implemented", - "Harfanglab":"Not Implemented", - "LimaCharlie":"Not Implemented", - "MDE":"Not Implemented", - "Qualys":"Not Implemented", - "Sentinel One":"Not Implemented", - "Sophos":"Not Implemented", - "Symantec SES Complete":"Not Implemented", - "Sysmon":"Not Implemented", - "Trellix":"Not Implemented", - "Trend Micro":"Not Implemented", - "WatchGuard":"Not Implemented" + "Carbon Black":"No", + "Cortex XDR":"No", + "CrowdStrike":"No", + "Cybereason":"No", + "ESET Inspect":"No", + "Elastic":"No", + "Harfanglab":"No", + "LimaCharlie":"No", + "MDE":"No", + "Qualys":"No", + "Sentinel One":"No", + "Sophos":"No", + "Symantec SES Complete":"No", + "Sysmon":"No", + 
"Trellix":"No", + "Trend Micro":"No", + "WatchGuard":"No" }, { "Telemetry Feature Category":"Device Operations", "Sub-Category":"Virtual Disk Mount", - "Carbon Black":"Not Implemented", - "Cortex XDR":"Partially Implemented", - "CrowdStrike":"Implemented", - "Cybereason":"Not Implemented", - "ESET Inspect":"Not Implemented", - "Elastic":"Not Implemented", - "Harfanglab":"Not Implemented", - "LimaCharlie":"Implemented", - "MDE":"Not Implemented", - "Qualys":"Not Implemented", - "Sentinel One":"Not Implemented", - "Sophos":"Not Implemented", - "Symantec SES Complete":"Not Implemented", - "Sysmon":"Not Implemented", - "Trellix":"Not Implemented", - "Trend Micro":"Not Implemented", - "WatchGuard":"Implemented" + "Carbon Black":"No", + "Cortex XDR":"Partially", + "CrowdStrike":"Yes", + "Cybereason":"No", + "ESET Inspect":"No", + "Elastic":"No", + "Harfanglab":"No", + "LimaCharlie":"Yes", + "MDE":"No", + "Qualys":"No", + "Sentinel One":"No", + "Sophos":"No", + "Symantec SES Complete":"No", + "Sysmon":"No", + "Trellix":"No", + "Trend Micro":"No", + "WatchGuard":"Yes" }, { "Telemetry Feature Category":null, "Sub-Category":"USB Device Unmount", - "Carbon Black":"Not Implemented", - "Cortex XDR":"Partially Implemented", - "CrowdStrike":"Implemented", - "Cybereason":"Implemented", - "ESET Inspect":"Not Implemented", - "Elastic":"Not Implemented", - "Harfanglab":"Not Implemented", - "LimaCharlie":"Not Implemented", - "MDE":"Implemented", - "Qualys":"Not Implemented", - "Sentinel One":"Not Implemented", - "Sophos":"Not Implemented", + "Carbon Black":"No", + "Cortex XDR":"Partially", + "CrowdStrike":"Yes", + "Cybereason":"Yes", + "ESET Inspect":"No", + "Elastic":"No", + "Harfanglab":"No", + "LimaCharlie":"No", + "MDE":"Yes", + "Qualys":"No", + "Sentinel One":"No", + "Sophos":"No", "Symantec SES Complete":"️", - "Sysmon":"Not Implemented", - "Trellix":"Not Implemented", - "Trend Micro":"Not Implemented", - "WatchGuard":"Implemented" + "Sysmon":"No", + "Trellix":"No", + "Trend 
Micro":"No", + "WatchGuard":"Yes" }, { "Telemetry Feature Category":null, "Sub-Category":"USB Device Mount", - "Carbon Black":"Partially Implemented", - "Cortex XDR":"Partially Implemented", - "CrowdStrike":"Implemented", - "Cybereason":"Implemented", - "ESET Inspect":"Not Implemented", - "Elastic":"Not Implemented", - "Harfanglab":"Not Implemented", - "LimaCharlie":"Not Implemented", - "MDE":"Implemented", - "Qualys":"Not Implemented", + "Carbon Black":"Partially", + "Cortex XDR":"Partially", + "CrowdStrike":"Yes", + "Cybereason":"Yes", + "ESET Inspect":"No", + "Elastic":"No", + "Harfanglab":"No", + "LimaCharlie":"No", + "MDE":"Yes", + "Qualys":"No", "Sentinel One":"️", - "Sophos":"Not Implemented", + "Sophos":"No", "Symantec SES Complete":"️", - "Sysmon":"Not Implemented", - "Trellix":"Not Implemented", - "Trend Micro":"Not Implemented", - "WatchGuard":"Implemented" + "Sysmon":"No", + "Trellix":"No", + "Trend Micro":"No", + "WatchGuard":"Yes" }, { "Telemetry Feature Category":"Other Relevant Events", "Sub-Category":"Group Policy Modification", - "Carbon Black":"Not Implemented", - "Cortex XDR":"Not Implemented", - "CrowdStrike":"Not Implemented", - "Cybereason":"Not Implemented", - "ESET Inspect":"Not Implemented", - "Elastic":"Not Implemented", - "Harfanglab":"Not Implemented", - "LimaCharlie":"Not Implemented", - "MDE":"Implemented", - "Qualys":"Not Implemented", - "Sentinel One":"Not Implemented", + "Carbon Black":"No", + "Cortex XDR":"No", + "CrowdStrike":"No", + "Cybereason":"No", + "ESET Inspect":"No", + "Elastic":"No", + "Harfanglab":"No", + "LimaCharlie":"No", + "MDE":"Yes", + "Qualys":"No", + "Sentinel One":"No", "Sophos":"", - "Symantec SES Complete":"Not Implemented", - "Sysmon":"Not Implemented", - "Trellix":"Not Implemented", - "Trend Micro":"Not Implemented", - "WatchGuard":"Not Implemented" + "Symantec SES Complete":"No", + "Sysmon":"No", + "Trellix":"No", + "Trend Micro":"No", + "WatchGuard":"No" }, { "Telemetry Feature Category":"Named Pipe 
Activity", "Sub-Category":"Pipe Creation", - "Carbon Black":"Partially Implemented", - "Cortex XDR":"Not Implemented", - "CrowdStrike":"Implemented", - "Cybereason":"Not Implemented", - "ESET Inspect":"Implemented", - "Elastic":"Not Implemented", - "Harfanglab":"Implemented", - "LimaCharlie":"Implemented", - "MDE":"Implemented", - "Qualys":"Not Implemented", + "Carbon Black":"Partially", + "Cortex XDR":"No", + "CrowdStrike":"Yes", + "Cybereason":"No", + "ESET Inspect":"Yes", + "Elastic":"No", + "Harfanglab":"Yes", + "LimaCharlie":"Yes", + "MDE":"Yes", + "Qualys":"No", "Sentinel One":"️", - "Sophos":"Not Implemented", - "Symantec SES Complete":"Not Implemented", - "Sysmon":"Implemented", - "Trellix":"Not Implemented", - "Trend Micro":"Not Implemented", - "WatchGuard":"Not Implemented" + "Sophos":"No", + "Symantec SES Complete":"No", + "Sysmon":"Yes", + "Trellix":"No", + "Trend Micro":"No", + "WatchGuard":"No" }, { "Telemetry Feature Category":null, "Sub-Category":"Pipe Connection", - "Carbon Black":"Not Implemented", - "Cortex XDR":"Not Implemented", - "CrowdStrike":"Implemented", - "Cybereason":"Not Implemented", - "ESET Inspect":"Not Implemented", - "Elastic":"Not Implemented", - "Harfanglab":"Implemented", - "LimaCharlie":"Implemented", - "MDE":"Implemented", - "Qualys":"Not Implemented", + "Carbon Black":"No", + "Cortex XDR":"No", + "CrowdStrike":"Yes", + "Cybereason":"No", + "ESET Inspect":"No", + "Elastic":"No", + "Harfanglab":"Yes", + "LimaCharlie":"Yes", + "MDE":"Yes", + "Qualys":"No", "Sentinel One":"️", - "Sophos":"Not Implemented", - "Symantec SES Complete":"Not Implemented", - "Sysmon":"Implemented", - "Trellix":"Implemented", - "Trend Micro":"Not Implemented", - "WatchGuard":"Not Implemented" + "Sophos":"No", + "Symantec SES Complete":"No", + "Sysmon":"Yes", + "Trellix":"Yes", + "Trend Micro":"No", + "WatchGuard":"No" }, { "Telemetry Feature Category":"EDR SysOps", "Sub-Category":"Agent Start", - "Carbon Black":"Not Implemented", - "Cortex 
XDR":"Partially Implemented", - "CrowdStrike":"Implemented", - "Cybereason":"Implemented", - "ESET Inspect":"Not Implemented", - "Elastic":"Not Implemented", - "Harfanglab":"Implemented", - "LimaCharlie":"Implemented", + "Carbon Black":"No", + "Cortex XDR":"Partially", + "CrowdStrike":"Yes", + "Cybereason":"Yes", + "ESET Inspect":"No", + "Elastic":"No", + "Harfanglab":"Yes", + "LimaCharlie":"Yes", "MDE":"", - "Qualys":"Implemented", - "Sentinel One":"Implemented", - "Sophos":"Not Implemented", + "Qualys":"Yes", + "Sentinel One":"Yes", + "Sophos":"No", "Symantec SES Complete":"️", - "Sysmon":"Implemented", + "Sysmon":"Yes", "Trellix":"Pending Response", - "Trend Micro":"Not Implemented", - "WatchGuard":"Not Implemented" + "Trend Micro":"No", + "WatchGuard":"No" }, { "Telemetry Feature Category":null, "Sub-Category":"Agent Stop", - "Carbon Black":"Not Implemented", - "Cortex XDR":"Implemented", - "CrowdStrike":"Implemented", - "Cybereason":"Implemented", - "ESET Inspect":"Not Implemented", - "Elastic":"Implemented", - "Harfanglab":"Implemented", - "LimaCharlie":"Implemented", + "Carbon Black":"No", + "Cortex XDR":"Yes", + "CrowdStrike":"Yes", + "Cybereason":"Yes", + "ESET Inspect":"No", + "Elastic":"Yes", + "Harfanglab":"Yes", + "LimaCharlie":"Yes", "MDE":"", - "Qualys":"Implemented", - "Sentinel One":"Implemented", - "Sophos":"Not Implemented", + "Qualys":"Yes", + "Sentinel One":"Yes", + "Sophos":"No", "Symantec SES Complete":"️", - "Sysmon":"Implemented", + "Sysmon":"Yes", "Trellix":"Pending Response", - "Trend Micro":"Not Implemented", - "WatchGuard":"Not Implemented" + "Trend Micro":"No", + "WatchGuard":"No" }, { "Telemetry Feature Category":null, "Sub-Category":"Agent Install", - "Carbon Black":"Not Implemented", - "Cortex XDR":"Implemented", - "CrowdStrike":"Not Implemented", - "Cybereason":"Implemented", - "ESET Inspect":"Implemented", - "Elastic":"Not Implemented", - "Harfanglab":"Implemented", - "LimaCharlie":"Implemented", + "Carbon Black":"No", + "Cortex 
XDR":"Yes", + "CrowdStrike":"No", + "Cybereason":"Yes", + "ESET Inspect":"Yes", + "Elastic":"No", + "Harfanglab":"Yes", + "LimaCharlie":"Yes", "MDE":"", - "Qualys":"Implemented", - "Sentinel One":"Implemented", - "Sophos":"Not Implemented", + "Qualys":"Yes", + "Sentinel One":"Yes", + "Sophos":"No", "Symantec SES Complete":"️", - "Sysmon":"Not Implemented", - "Trellix":"Implemented", - "Trend Micro":"Not Implemented", - "WatchGuard":"Implemented" + "Sysmon":"No", + "Trellix":"Yes", + "Trend Micro":"No", + "WatchGuard":"Yes" }, { "Telemetry Feature Category":null, "Sub-Category":"Agent Uninstall", - "Carbon Black":"Not Implemented", - "Cortex XDR":"Implemented", - "CrowdStrike":"Implemented", - "Cybereason":"Implemented", - "ESET Inspect":"Implemented", - "Elastic":"Implemented", - "Harfanglab":"Not Implemented", - "LimaCharlie":"Not Implemented", - "MDE":"Not Implemented", - "Qualys":"Not Implemented", - "Sentinel One":"Implemented", - "Sophos":"Not Implemented", + "Carbon Black":"No", + "Cortex XDR":"Yes", + "CrowdStrike":"Yes", + "Cybereason":"Yes", + "ESET Inspect":"Yes", + "Elastic":"Yes", + "Harfanglab":"No", + "LimaCharlie":"No", + "MDE":"No", + "Qualys":"No", + "Sentinel One":"Yes", + "Sophos":"No", "Symantec SES Complete":"️", - "Sysmon":"Not Implemented", - "Trellix":"Implemented", - "Trend Micro":"Not Implemented", - "WatchGuard":"Implemented" + "Sysmon":"No", + "Trellix":"Yes", + "Trend Micro":"No", + "WatchGuard":"Yes" }, { "Telemetry Feature Category":null, "Sub-Category":"Agent Keep-Alive", - "Carbon Black":"Not Implemented", - "Cortex XDR":"Implemented", - "CrowdStrike":"Implemented", - "Cybereason":"Implemented", - "ESET Inspect":"Implemented", - "Elastic":"Not Implemented", - "Harfanglab":"Implemented", - "LimaCharlie":"Implemented", + "Carbon Black":"No", + "Cortex XDR":"Yes", + "CrowdStrike":"Yes", + "Cybereason":"Yes", + "ESET Inspect":"Yes", + "Elastic":"No", + "Harfanglab":"Yes", + "LimaCharlie":"Yes", "MDE":"", - "Qualys":"Implemented", - 
"Sentinel One":"Implemented", - "Sophos":"Not Implemented", + "Qualys":"Yes", + "Sentinel One":"Yes", + "Sophos":"No", "Symantec SES Complete":"️", - "Sysmon":"Not Implemented", + "Sysmon":"No", "Trellix":"Pending Response", - "Trend Micro":"Not Implemented", - "WatchGuard":"Not Implemented" + "Trend Micro":"No", + "WatchGuard":"No" }, { "Telemetry Feature Category":null, "Sub-Category":"Agent Errors", - "Carbon Black":"Not Implemented", - "Cortex XDR":"Implemented", - "CrowdStrike":"Implemented", - "Cybereason":"Not Implemented", - "ESET Inspect":"Implemented", - "Elastic":"Implemented", - "Harfanglab":"Implemented", - "LimaCharlie":"Implemented", - "MDE":"Implemented", - "Qualys":"Implemented", - "Sentinel One":"Implemented", - "Sophos":"Not Implemented", + "Carbon Black":"No", + "Cortex XDR":"Yes", + "CrowdStrike":"Yes", + "Cybereason":"No", + "ESET Inspect":"Yes", + "Elastic":"Yes", + "Harfanglab":"Yes", + "LimaCharlie":"Yes", + "MDE":"Yes", + "Qualys":"Yes", + "Sentinel One":"Yes", + "Sophos":"No", "Symantec SES Complete":"️", - "Sysmon":"Implemented", + "Sysmon":"Yes", "Trellix":"Pending Response", - "Trend Micro":"Not Implemented", - "WatchGuard":"Not Implemented" + "Trend Micro":"No", + "WatchGuard":"No" }, { "Telemetry Feature Category":"WMI Activity", "Sub-Category":"WmiEventConsumerToFilter", - "Carbon Black":"Not Implemented", + "Carbon Black":"No", "Cortex XDR":"️", - "CrowdStrike":"Implemented", - "Cybereason":"Implemented", - "ESET Inspect":"Implemented", - "Elastic":"Not Implemented", - "Harfanglab":"Implemented", - "LimaCharlie":"Not Implemented", - "MDE":"Implemented", - "Qualys":"Not Implemented", - "Sentinel One":"Not Implemented", - "Sophos":"Not Implemented", - "Symantec SES Complete":"Partially Implemented", - "Sysmon":"Implemented", - "Trellix":"Implemented", + "CrowdStrike":"Yes", + "Cybereason":"Yes", + "ESET Inspect":"Yes", + "Elastic":"No", + "Harfanglab":"Yes", + "LimaCharlie":"No", + "MDE":"Yes", + "Qualys":"No", + "Sentinel One":"No", 
+ "Sophos":"No",
+ "Symantec SES Complete":"Partially",
+ "Sysmon":"Yes",
+ "Trellix":"Yes",
 "Trend Micro":"",
- "WatchGuard":"Implemented"
+ "WatchGuard":"Yes"
 },
 {
 "Telemetry Feature Category":null,
 "Sub-Category":"WmiEventConsumer",
- "Carbon Black":"Not Implemented",
+ "Carbon Black":"No",
 "Cortex XDR":"️",
- "CrowdStrike":"Implemented",
- "Cybereason":"Implemented",
- "ESET Inspect":"Implemented",
- "Elastic":"Not Implemented",
- "Harfanglab":"Implemented",
- "LimaCharlie":"Not Implemented",
- "MDE":"Implemented",
- "Qualys":"Not Implemented",
- "Sentinel One":"Not Implemented",
+ "CrowdStrike":"Yes",
+ "Cybereason":"Yes",
+ "ESET Inspect":"Yes",
+ "Elastic":"No",
+ "Harfanglab":"Yes",
+ "LimaCharlie":"No",
+ "MDE":"Yes",
+ "Qualys":"No",
+ "Sentinel One":"No",
 "Sophos":"",
- "Symantec SES Complete":"Partially Implemented",
- "Sysmon":"Implemented",
- "Trellix":"Implemented",
+ "Symantec SES Complete":"Partially",
+ "Sysmon":"Yes",
+ "Trellix":"Yes",
 "Trend Micro":"",
- "WatchGuard":"Implemented"
+ "WatchGuard":"Yes"
 },
 {
 "Telemetry Feature Category":null,
 "Sub-Category":"WmiEventFilter",
- "Carbon Black":"Not Implemented",
+ "Carbon Black":"No",
 "Cortex XDR":"️",
- "CrowdStrike":"Implemented",
- "Cybereason":"Implemented",
- "ESET Inspect":"Implemented",
- "Elastic":"Not Implemented",
- "Harfanglab":"Implemented",
- "LimaCharlie":"Not Implemented",
- "MDE":"Implemented",
- "Qualys":"Not Implemented",
- "Sentinel One":"Not Implemented",
- "Sophos":"Not Implemented",
- "Symantec SES Complete":"Partially Implemented",
- "Sysmon":"Implemented",
- "Trellix":"Implemented",
+ "CrowdStrike":"Yes",
+ "Cybereason":"Yes",
+ "ESET Inspect":"Yes",
+ "Elastic":"No",
+ "Harfanglab":"Yes",
+ "LimaCharlie":"No",
+ "MDE":"Yes",
+ "Qualys":"No",
+ "Sentinel One":"No",
+ "Sophos":"No",
+ "Symantec SES Complete":"Partially",
+ "Sysmon":"Yes",
+ "Trellix":"Yes",
 "Trend Micro":"",
- "WatchGuard":"Implemented"
+ "WatchGuard":"Yes"
 },
 {
 "Telemetry Feature Category":"BIT JOBS Activity",
 "Sub-Category":"BIT JOBS Activity",
- "Carbon Black":"Not Implemented",
+ "Carbon Black":"No",
 "Cortex XDR":"️",
- "CrowdStrike":"Implemented",
- "Cybereason":"Not Implemented",
- "ESET Inspect":"Not Implemented",
- "Elastic":"Not Implemented",
- "Harfanglab":"Not Implemented",
- "LimaCharlie":"Not Implemented",
- "MDE":"Not Implemented",
- "Qualys":"Not Implemented",
- "Sentinel One":"Not Implemented",
- "Sophos":"Not Implemented",
- "Symantec SES Complete":"Not Implemented",
- "Sysmon":"Not Implemented",
- "Trellix":"Implemented",
- "Trend Micro":"Not Implemented",
- "WatchGuard":"Not Implemented"
+ "CrowdStrike":"Yes",
+ "Cybereason":"No",
+ "ESET Inspect":"No",
+ "Elastic":"No",
+ "Harfanglab":"No",
+ "LimaCharlie":"No",
+ "MDE":"No",
+ "Qualys":"No",
+ "Sentinel One":"No",
+ "Sophos":"No",
+ "Symantec SES Complete":"No",
+ "Sysmon":"No",
+ "Trellix":"Yes",
+ "Trend Micro":"No",
+ "WatchGuard":"No"
 },
 {
 "Telemetry Feature Category":"PowerShell Activity",
 "Sub-Category":"Script-Block Activity",
- "Carbon Black":"Implemented",
+ "Carbon Black":"Yes",
 "Cortex XDR":"",
- "CrowdStrike":"Implemented",
- "Cybereason":"Not Implemented",
- "ESET Inspect":"Implemented",
- "Elastic":"Not Implemented",
- "Harfanglab":"Implemented",
- "LimaCharlie":"Not Implemented",
- "MDE":"Implemented",
- "Qualys":"Not Implemented",
- "Sentinel One":"Implemented",
- "Sophos":"Partially Implemented",
- "Symantec SES Complete":"Implemented",
- "Sysmon":"Not Implemented",
- "Trellix":"Implemented",
- "Trend Micro":"Not Implemented",
- "WatchGuard":"Not Implemented"
+ "CrowdStrike":"Yes",
+ "Cybereason":"No",
+ "ESET Inspect":"Yes",
+ "Elastic":"No",
+ "Harfanglab":"Yes",
+ "LimaCharlie":"No",
+ "MDE":"Yes",
+ "Qualys":"No",
+ "Sentinel One":"Yes",
+ "Sophos":"Partially",
+ "Symantec SES Complete":"Yes",
+ "Sysmon":"No",
+ "Trellix":"Yes",
+ "Trend Micro":"No",
+ "WatchGuard":"No"
 }
 ]
From b755d0ead6ca06de936912150319d59c8dde538f Mon Sep 17 00:00:00 2001
From: Kostas
Date: Wed, 22 May 2024 11:14:28 -0700
Subject: [PATCH 3/3] Update EDR_telem.json
---
 EDR_telem.json | 136 ++++++++++++++++++++++++-------------------------
 1 file changed, 68 insertions(+), 68 deletions(-)
diff --git a/EDR_telem.json b/EDR_telem.json
index d2217c2..418e60f 100644
--- a/EDR_telem.json
+++ b/EDR_telem.json
@@ -38,7 +38,7 @@
 "Symantec SES Complete":"Yes",
 "Sysmon":"Yes",
 "Trellix":"No",
- "Trend Micro":"️",
+ "Trend Micro":"Via EnablingTelemetry",
 "WatchGuard":"No"
 },
 {
@@ -234,17 +234,17 @@
 "Telemetry Feature Category":"User Account Activity",
 "Sub-Category":"Local Account Creation",
 "Carbon Black":"No",
- "Cortex XDR":"",
+ "Cortex XDR":"Via EventLogs",
 "CrowdStrike":"Yes",
 "Cybereason":"No",
 "ESET Inspect":"Yes",
- "Elastic":"",
- "Harfanglab":"",
+ "Elastic":"Via EventLogs",
+ "Harfanglab":"Via EventLogs",
 "LimaCharlie":"No",
 "MDE":"Yes",
 "Qualys":"No",
 "Sentinel One":"No",
- "Sophos":"",
+ "Sophos":"Via EventLogs",
 "Symantec SES Complete":"No",
 "Sysmon":"No",
 "Trellix":"Yes",
@@ -255,17 +255,17 @@
 "Telemetry Feature Category":null,
 "Sub-Category":"Local Account Modification",
 "Carbon Black":"No",
- "Cortex XDR":"",
+ "Cortex XDR":"Via EventLogs",
 "CrowdStrike":"Partially",
 "Cybereason":"No",
 "ESET Inspect":"Yes",
- "Elastic":"",
- "Harfanglab":"",
+ "Elastic":"Via EventLogs",
+ "Harfanglab":"Via EventLogs",
 "LimaCharlie":"No",
 "MDE":"Yes",
 "Qualys":"No",
 "Sentinel One":"No",
- "Sophos":"",
+ "Sophos":"Via EventLogs",
 "Symantec SES Complete":"No",
 "Sysmon":"No",
 "Trellix":"Yes",
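Review bot: Nothing constrains the cell values this patch writes: `"Via EnablingTelemetry"` in the first hunk and `"Via EventLogs"` in the later hunks are free-form strings, so a misspelling or a leftover empty placeholder would flow unnoticed into anything that parses the matrix. I would add a check that every vendor cell is one of the values visible in this patch (`"Yes"`, `"No"`, `"Partially"`, `"Pending Response"`, `"Via EnablingTelemetry"`, `"Via EventLogs"`). The two `Via …` values presumably mean the event is only collected after extra configuration or by ingesting Windows event logs, which would make that coverage depend on the host's audit and logging settings. The project's legend should state this so these cells are not read as equivalent to `"Yes"` when judging detection coverage.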
@@ -276,17 +276,17 @@
 "Telemetry Feature Category":null,
 "Sub-Category":"Local Account Deletion",
 "Carbon Black":"No",
- "Cortex XDR":"",
+ "Cortex XDR":"Via EventLogs",
 "CrowdStrike":"Yes",
 "Cybereason":"No",
 "ESET Inspect":"Yes",
- "Elastic":"",
- "Harfanglab":"",
+ "Elastic":"Via EventLogs",
+ "Harfanglab":"Via EventLogs",
 "LimaCharlie":"No",
 "MDE":"Yes",
 "Qualys":"No",
 "Sentinel One":"No",
- "Sophos":"",
+ "Sophos":"Via EventLogs",
 "Symantec SES Complete":"No",
 "Sysmon":"No",
 "Trellix":"Yes",
@@ -296,7 +296,7 @@
 {
 "Telemetry Feature Category":null,
 "Sub-Category":"Account Login",
- "Carbon Black":"",
+ "Carbon Black":"Via EventLogs",
 "Cortex XDR":"Yes",
 "CrowdStrike":"Yes",
 "Cybereason":"Yes",
@@ -307,17 +307,17 @@
 "MDE":"Yes",
 "Qualys":"No",
 "Sentinel One":"Yes",
- "Sophos":"",
+ "Sophos":"Via EventLogs",
 "Symantec SES Complete":"Yes",
 "Sysmon":"No",
 "Trellix":"Yes",
- "Trend Micro":"",
+ "Trend Micro":"Via EventLogs",
 "WatchGuard":"Yes"
 },
 {
 "Telemetry Feature Category":null,
 "Sub-Category":"Account Logoff",
- "Carbon Black":"",
+ "Carbon Black":"Via EventLogs",
 "Cortex XDR":"Yes",
 "CrowdStrike":"Yes",
 "Cybereason":"Yes",
@@ -328,11 +328,11 @@
 "MDE":"No",
 "Qualys":"No",
 "Sentinel One":"No",
- "Sophos":"",
+ "Sophos":"Via EventLogs",
 "Symantec SES Complete":"Yes",
 "Sysmon":"No",
 "Trellix":"Yes",
- "Trend Micro":"",
+ "Trend Micro":"Via EventLogs",
 "WatchGuard":"Yes"
 },
 {
@@ -350,7 +350,7 @@
 "Qualys":"Yes",
 "Sentinel One":"Yes",
 "Sophos":"Yes",
- "Symantec SES Complete":"️",
+ "Symantec SES Complete":"Via EnablingTelemetry",
 "Sysmon":"Yes",
 "Trellix":"Yes",
 "Trend Micro":"Yes",
@@ -365,13 +365,13 @@
 "Cybereason":"Yes",
 "ESET Inspect":"No",
 "Elastic":"Yes",
- "Harfanglab":"",
+ "Harfanglab":"Via EventLogs",
 "LimaCharlie":"Yes",
 "MDE":"Yes",
 "Qualys":"Yes",
 "Sentinel One":"No",
 "Sophos":"Yes",
- "Symantec SES Complete":"️",
+ "Symantec SES Complete":"Via EnablingTelemetry",
 "Sysmon":"Yes",
 "Trellix":"Yes",
 "Trend Micro":"Yes",
@@ -390,7 +390,7 @@
 "LimaCharlie":"Partially",
 "MDE":"Yes",
 "Qualys":"Yes",
- "Sentinel One":"️",
+ "Sentinel One":"Via EnablingTelemetry",
 "Sophos":"Yes",
 "Symantec SES Complete":"Partially",
 "Sysmon":"No",
@@ -570,33 +570,33 @@
 "Telemetry Feature Category":"Schedule Task Activity",
 "Sub-Category":"Scheduled Task Creation",
 "Carbon Black":"No",
- "Cortex XDR":"",
+ "Cortex XDR":"Via EventLogs",
 "CrowdStrike":"Yes",
 "Cybereason":"Yes",
 "ESET Inspect":"No",
- "Elastic":"",
- "Harfanglab":"",
+ "Elastic":"Via EventLogs",
+ "Harfanglab":"Via EventLogs",
 "LimaCharlie":"No",
 "MDE":"Yes",
 "Qualys":"No",
 "Sentinel One":"Yes",
- "Sophos":"",
+ "Sophos":"Via EventLogs",
 "Symantec SES Complete":"No",
 "Sysmon":"No",
 "Trellix":"No",
- "Trend Micro":"",
+ "Trend Micro":"Via EventLogs",
 "WatchGuard":"No"
 },
 {
 "Telemetry Feature Category":null,
 "Sub-Category":"Scheduled Task Modification",
 "Carbon Black":"No",
- "Cortex XDR":"",
+ "Cortex XDR":"Via EventLogs",
 "CrowdStrike":"Yes",
 "Cybereason":"Yes",
 "ESET Inspect":"No",
- "Elastic":"",
- "Harfanglab":"",
+ "Elastic":"Via EventLogs",
+ "Harfanglab":"Via EventLogs",
 "LimaCharlie":"No",
 "MDE":"Yes",
 "Qualys":"No",
@@ -612,12 +612,12 @@
 "Telemetry Feature Category":null,
 "Sub-Category":"Scheduled Task Deletion",
 "Carbon Black":"No",
- "Cortex XDR":"",
+ "Cortex XDR":"Via EventLogs",
 "CrowdStrike":"Yes",
 "Cybereason":"No",
 "ESET Inspect":"No",
- "Elastic":"",
- "Harfanglab":"",
+ "Elastic":"Via EventLogs",
+ "Harfanglab":"Via EventLogs",
 "LimaCharlie":"No",
 "MDE":"Yes",
 "Qualys":"No",
@@ -633,17 +633,17 @@
 "Telemetry Feature Category":"Service Activity",
 "Sub-Category":"Service Creation",
 "Carbon Black":"Partially",
- "Cortex XDR":"",
+ "Cortex XDR":"Via EventLogs",
 "CrowdStrike":"Yes",
 "Cybereason":"Yes",
 "ESET Inspect":"No",
- "Elastic":"",
- "Harfanglab":"",
+ "Elastic":"Via EventLogs",
+ "Harfanglab":"Via EventLogs",
 "LimaCharlie":"Yes",
- "MDE":"",
+ "MDE":"Via EventLogs",
 "Qualys":"No",
 "Sentinel One":"No",
- "Sophos":"",
+ "Sophos":"Via EventLogs",
 "Symantec SES Complete":"No",
 "Sysmon":"No",
 "Trellix":"No",
@@ -654,12 +654,12 @@
 "Telemetry Feature Category":null,
 "Sub-Category":"Service Modification",
 "Carbon Black":"No",
- "Cortex XDR":"",
+ "Cortex XDR":"Via EventLogs",
 "CrowdStrike":"Partially",
 "Cybereason":"No",
 "ESET Inspect":"No",
- "Elastic":"",
- "Harfanglab":"",
+ "Elastic":"Via EventLogs",
+ "Harfanglab":"Via EventLogs",
 "LimaCharlie":"Yes",
 "MDE":"No",
 "Qualys":"No",
@@ -679,7 +679,7 @@
 "CrowdStrike":"No",
 "Cybereason":"No",
 "ESET Inspect":"No",
- "Elastic":"",
+ "Elastic":"Via EventLogs",
 "Harfanglab":"No",
 "LimaCharlie":"Pending Response",
 "MDE":"No",
@@ -791,7 +791,7 @@
 "Qualys":"No",
 "Sentinel One":"No",
 "Sophos":"No",
- "Symantec SES Complete":"️",
+ "Symantec SES Complete":"Via EnablingTelemetry",
 "Sysmon":"No",
 "Trellix":"No",
 "Trend Micro":"No",
@@ -810,9 +810,9 @@
 "LimaCharlie":"No",
 "MDE":"Yes",
 "Qualys":"No",
- "Sentinel One":"️",
+ "Sentinel One":"Via EnablingTelemetry",
 "Sophos":"No",
- "Symantec SES Complete":"️",
+ "Symantec SES Complete":"Via EnablingTelemetry",
 "Sysmon":"No",
 "Trellix":"No",
 "Trend Micro":"No",
@@ -832,7 +832,7 @@
 "MDE":"Yes",
 "Qualys":"No",
 "Sentinel One":"No",
- "Sophos":"",
+ "Sophos":"Via EventLogs",
 "Symantec SES Complete":"No",
 "Sysmon":"No",
 "Trellix":"No",
@@ -852,7 +852,7 @@
 "LimaCharlie":"Yes",
 "MDE":"Yes",
 "Qualys":"No",
- "Sentinel One":"️",
+ "Sentinel One":"Via EnablingTelemetry",
 "Sophos":"No",
 "Symantec SES Complete":"No",
 "Sysmon":"Yes",
@@ -873,7 +873,7 @@
 "LimaCharlie":"Yes",
 "MDE":"Yes",
 "Qualys":"No",
- "Sentinel One":"️",
+ "Sentinel One":"Via EnablingTelemetry",
 "Sophos":"No",
 "Symantec SES Complete":"No",
 "Sysmon":"Yes",
@@ -892,11 +892,11 @@
 "Elastic":"No",
 "Harfanglab":"Yes",
 "LimaCharlie":"Yes",
- "MDE":"",
+ "MDE":"Via EventLogs",
 "Qualys":"Yes",
 "Sentinel One":"Yes",
 "Sophos":"No",
- "Symantec SES Complete":"️",
+ "Symantec SES Complete":"Via EnablingTelemetry",
 "Sysmon":"Yes",
 "Trellix":"Pending Response",
 "Trend Micro":"No",
@@ -913,11 +913,11 @@
 "Elastic":"Yes",
 "Harfanglab":"Yes",
 "LimaCharlie":"Yes",
- "MDE":"",
+ "MDE":"Via EventLogs",
 "Qualys":"Yes",
 "Sentinel One":"Yes",
 "Sophos":"No",
- "Symantec SES Complete":"️",
+ "Symantec SES Complete":"Via EnablingTelemetry",
 "Sysmon":"Yes",
 "Trellix":"Pending Response",
 "Trend Micro":"No",
@@ -934,11 +934,11 @@
 "Elastic":"No",
 "Harfanglab":"Yes",
 "LimaCharlie":"Yes",
- "MDE":"",
+ "MDE":"Via EventLogs",
 "Qualys":"Yes",
 "Sentinel One":"Yes",
 "Sophos":"No",
- "Symantec SES Complete":"️",
+ "Symantec SES Complete":"Via EnablingTelemetry",
 "Sysmon":"No",
 "Trellix":"Yes",
 "Trend Micro":"No",
@@ -959,7 +959,7 @@
 "Qualys":"No",
 "Sentinel One":"Yes",
 "Sophos":"No",
- "Symantec SES Complete":"️",
+ "Symantec SES Complete":"Via EnablingTelemetry",
 "Sysmon":"No",
 "Trellix":"Yes",
 "Trend Micro":"No",
@@ -976,11 +976,11 @@
 "Elastic":"No",
 "Harfanglab":"Yes",
 "LimaCharlie":"Yes",
- "MDE":"",
+ "MDE":"Via EventLogs",
 "Qualys":"Yes",
 "Sentinel One":"Yes",
 "Sophos":"No",
- "Symantec SES Complete":"️",
+ "Symantec SES Complete":"Via EnablingTelemetry",
 "Sysmon":"No",
 "Trellix":"Pending Response",
 "Trend Micro":"No",
@@ -1001,7 +1001,7 @@
 "Qualys":"Yes",
 "Sentinel One":"Yes",
 "Sophos":"No",
- "Symantec SES Complete":"️",
+ "Symantec SES Complete":"Via EnablingTelemetry",
 "Sysmon":"Yes",
 "Trellix":"Pending Response",
 "Trend Micro":"No",
@@ -1011,7 +1011,7 @@
 "Telemetry Feature Category":"WMI Activity",
 "Sub-Category":"WmiEventConsumerToFilter",
 "Carbon Black":"No",
- "Cortex XDR":"️",
+ "Cortex XDR":"Via EnablingTelemetry",
 "CrowdStrike":"Yes",
 "Cybereason":"Yes",
 "ESET Inspect":"Yes",
@@ -1025,14 +1025,14 @@
 "Symantec SES Complete":"Partially",
 "Sysmon":"Yes",
 "Trellix":"Yes",
- "Trend Micro":"",
+ "Trend Micro":"Via EventLogs",
 "WatchGuard":"Yes"
 },
 {
 "Telemetry Feature Category":null,
 "Sub-Category":"WmiEventConsumer",
 "Carbon Black":"No",
- "Cortex XDR":"️",
+ "Cortex XDR":"Via EnablingTelemetry",
 "CrowdStrike":"Yes",
 "Cybereason":"Yes",
 "ESET Inspect":"Yes",
@@ -1042,18 +1042,18 @@
 "MDE":"Yes",
 "Qualys":"No",
 "Sentinel One":"No",
- "Sophos":"",
+ "Sophos":"Via EventLogs",
 "Symantec SES Complete":"Partially",
 "Sysmon":"Yes",
 "Trellix":"Yes",
- "Trend Micro":"",
+ "Trend Micro":"Via EventLogs",
 "WatchGuard":"Yes"
 },
 {
 "Telemetry Feature Category":null,
 "Sub-Category":"WmiEventFilter",
 "Carbon Black":"No",
- "Cortex XDR":"️",
+ "Cortex XDR":"Via EnablingTelemetry",
 "CrowdStrike":"Yes",
 "Cybereason":"Yes",
 "ESET Inspect":"Yes",
@@ -1067,14 +1067,14 @@
 "Symantec SES Complete":"Partially",
 "Sysmon":"Yes",
 "Trellix":"Yes",
- "Trend Micro":"",
+ "Trend Micro":"Via EventLogs",
 "WatchGuard":"Yes"
 },
 {
 "Telemetry Feature Category":"BIT JOBS Activity",
 "Sub-Category":"BIT JOBS Activity",
 "Carbon Black":"No",
- "Cortex XDR":"️",
+ "Cortex XDR":"Via EnablingTelemetry",
 "CrowdStrike":"Yes",
 "Cybereason":"No",
 "ESET Inspect":"No",
@@ -1095,7 +1095,7 @@
 "Telemetry Feature Category":"PowerShell Activity",
 "Sub-Category":"Script-Block Activity",
 "Carbon Black":"Yes",
- "Cortex XDR":"",
+ "Cortex XDR":"Via EventLogs",
 "CrowdStrike":"Yes",
 "Cybereason":"No",
 "ESET Inspect":"Yes",