tsale / EDR-Telemetry

This project aims to compare and evaluate the telemetry of various EDR products.

File Opened - Crowdstrike #12

Closed NicolasSchn closed 1 year ago

NicolasSchn commented 1 year ago

Hello,

Regarding Crowdstrike telemetry, some events are generated only when the EDR detects suspicious behavior in the same process tree (for example, the FileOpenInfo event related to the File Opened operation).

This does not mean that the box should be red, but it may be useful to note when a condition is necessary for the generation of the event.

inodee commented 1 year ago

Hey @NicolasSchn, that claim seems to be valid!

Since we are here, are there any other cases that apply as well? We are happy to update to 'Partially Implemented' (amber icon) or wait for a PR from your side. Many thanks!