Closed rcegan closed 4 months ago
Hey @rcegan, it looks like they have an EDR feature. Is it possible to contribute telemetry generated by their EDR?
The product detects things, but it does not block anything like an EDR. If that's still acceptable, I can scrape together the telemetry and submit.
Looks like specifically what you want from Rapid7 is their "Enhanced Endpoint Telemetry" feature. If you have that, then I would say it's valid. Also, importantly, EDR doesn't necessitate blocking; in fact, in products like MDE, Defender Antivirus actually does most of the heavy lifting for prevention.
I tend to agree with @QueenSquishy. For this project, we are not concerned with whether prevention is one of the product's features. We're looking forward to a submission for InsightIDR 🙂.
@rcegan Are you still working on this? If not, I will close this issue.
I want to contribute data from Rapid7's InsightIDR product, however it's not necessarily a true EDR - it doesn't block/prevent, but creates detections and generates all the same kind of telemetry in a SIEM. Is this something that'd be accepted on the project?