Please provide the below information so we can validate before merging:
Does the proposed EDR feature align with our definition of telemetry?(definition here)
Could you please provide documentation to support the telemetry you are proposing?(If it is held privately, please reach out to me or @inodee)
If no documentation is available for all the categories you are proposing, could you provide screenshots or sanitized logs?
1: Yes
2: This detail is not specified in the documentation, the information was provided to me by Crowdstrike support when I was surprised not to find this event in the telemetry. Indeed, some events are generated only when EDR detects suspicious behavior in the same process tree.
3: N/A
Type of change
Please delete options that are not relevant.
[X] Feature Improvement (non-breaking change which fixes an issue)
How Has This Been Tested?
Please describe the tests that you ran to verify your changes. Provide instructions so we can reproduce. Please also list any relevant details for your test configuration.
[X] Custom script that retrieves information by opening sqlite databases linked to chrome or Microsoft Teams to steal information (tokens, password, etc.)
Test Configuration:
EDR version: Current CrowdStrike agent version
Operating System version: Windows
Checklist:
[X] My code follows the style guidelines of this project
[X] I have performed a self-review of my own code
[X] I have made corresponding changes to the documentation
[X] I have added tests that prove my corrections or additions are accurate
[X] I have checked my code and corrected any misspellings
Don't stress yourself out, just answer the above to the best of your ability and we can discuss in the comments 🙂
Related to #12
Pull Request Template
Description
Please provide the below information so we can validate before merging:
1: Yes 2: This detail is not specified in the documentation, the information was provided to me by Crowdstrike support when I was surprised not to find this event in the telemetry. Indeed, some events are generated only when EDR detects suspicious behavior in the same process tree. 3: N/A
Type of change
Please delete options that are not relevant.
How Has This Been Tested?
Please describe the tests that you ran to verify your changes. Provide instructions so we can reproduce. Please also list any relevant details for your test configuration.
Test Configuration:
Checklist:
Don't stress yourself out, just answer the above to the best of your ability and we can discuss in the comments 🙂