tsale / EDR-Telemetry

This project aims to compare and evaluate the telemetry of various EDR products.

Defender for Endpoint data #4

Closed lawndoc closed 1 year ago

lawndoc commented 1 year ago

Looks like Defender for Endpoint telemetry information is missing.

I can help get some stuff started based on what is available through Advanced Hunting. There may be additional data available in the device timeline as pointed out by Olaf Hartong, and potentially other sources locally. But I could at least provide a place to start if you don't mind having some fields with ❓ for a while.

tsale commented 1 year ago

Thanks @lawndoc! Do you have specific event categories or sub-categories in mind?

lawndoc commented 1 year ago

Just kidding, I'm blind lol, I didn't see the MDE column.