Documentation and evidence provided by a contributor suggesting that CrowdStrike includes telemetry for WMI Event Filter + WMI Event Consumer fields.
Does the proposed EDR feature align with our definition of telemetry? (definition here)
Could you please provide documentation to support the telemetry you are proposing? (If it is held privately, please reach out to me or @inodee)
If no documentation is available for all the categories you are proposing, could you provide screenshots or sanitized logs?
1: Yes
2: Yes
3: Yes
Type of change
Please delete options that are not relevant.
[x] Feature Improvement (non-breaking change which fixes an issue)
[ ] New feature (adding additional EDR product or proposing new event categories/sub-categories)
[ ] This change requires a documentation update
[ ] New tool (suggesting additional tools for improving collection and analysis)
How Has This Been Tested?
Please describe the tests that you ran to verify your changes. Provide instructions so we can reproduce. Please also list any relevant details for your test configuration.