tsale / EDR-Telemetry

This project aims to compare and evaluate the telemetry of various EDR products.

InsightIDR Support #28

Closed rcegan closed 4 months ago

rcegan commented 1 year ago

I want to contribute data from Rapid7's InsightIDR product, however it's not necessarily a true EDR - it doesn't block/prevent, but creates detections and generates all the same kind of telemetry in a SIEM. Is this something that'd be accepted on the project?

tsale commented 1 year ago

Hey @rcegan, it looks like they have an EDR feature. Is it possible to contribute telemetry generated by their EDR?

rcegan commented 1 year ago

The product detects things, but it does not block anything like an EDR. If that's still acceptable, I can scrape together the telemetry and submit.

QueenSquishy commented 1 year ago

The product detects things, but it does not block anything like an EDR. If that's still acceptable, I can scrape together the telemetry and submit.

Looks like specifically what you want from Rapid7 is their "Enhanced Endpoint Telemetry" feature. If you have that, then I would say it's valid. Also, importantly, EDR doesn't necessitate blocking; in fact, in products like MDE, Defender Antivirus actually does most of the heavy lifting for prevention.

tsale commented 1 year ago

I tend to agree with @QueenSquishy. For this project, we are not concerned with whether prevention is one of the product's features. We're looking forward to a submission for InsightIDR 🙂.

tsale commented 6 months ago

@rcegan Are you still working on this? If not, I will close this issue.