tsale / EDR-Telemetry

This project aims to compare and evaluate the telemetry of various EDR products.

New script that contains an algorithm to score EDRs of this project #61

Closed tsale closed 1 month ago

tsale commented 1 month ago

Summary

Credits go to SolitudePy for creating the core of this script. I made some slight changes to it.

This script evaluates and scores Endpoint Detection and Response Solutions based on their capabilities. It reads data from the main JSON file (_EDRtelem.json), which contains information about various EDRs and their features. The script then calculates a score for each EDR based on the presence and absence of certain features, as well as the category of the feature.

The scoring logic is as follows:

Each feature and category is assigned a weight in the _FEATURES_DICTVALUED and _CATEGORIESVALUED dictionaries. The weights represent the importance of the feature or category. For example, a feature with a weight of 1 is considered more important than a feature with a weight of 0.5.

The script iterates over the EDR data, and for each EDR, it multiplies the weight of each feature by the weight of its category. This product is then added to the EDR's total score. If a feature is absent in an EDR, its weight is considered 0.

The final score for each EDR is rounded to two decimal places for readability.

This scoring algorithm allows us to quantitatively compare different EDRs based on their capabilities. The higher the score, the more capable the EDR is. The weights can be adjusted as needed to reflect changes in the importance of different features or categories.
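A runnable illustration of the scoring logic described in this post, added here as an example rather than the script from the PR. The weight tables, the row layout and the EDR names are all constructed for the example; the project's real JSON schema is not assumed.

```python
"""Weighted EDR scoring: sum over features of feature_weight * category_weight,
counting only features an EDR actually provides (absent => contributes 0)."""
from collections import defaultdict
from typing import Dict, List

# Constructed weights (assumed names/values, not the project's own tables).
FEATURE_WEIGHTS: Dict[str, float] = {
    "Process Creation": 1.0,
    "Process Termination": 0.5,
    "File Creation": 1.0,
    "File Deletion": 0.7,
    "Named Pipe": 0.5,
}
CATEGORY_WEIGHTS: Dict[str, float] = {
    "Process Activity": 1.0,
    "File Manipulation": 0.8,
    "Named Pipes": 0.6,
}

# Constructed telemetry rows: one feature per row, plus a "Yes"/"No" value
# per EDR. Any value other than "Yes" is treated as absent.
SAMPLE_ROWS: List[dict] = [
    {"feature": "Process Creation", "category": "Process Activity", "EDR-A": "Yes", "EDR-B": "Yes"},
    {"feature": "Process Termination", "category": "Process Activity", "EDR-A": "Yes", "EDR-B": "No"},
    {"feature": "File Creation", "category": "File Manipulation", "EDR-A": "Yes", "EDR-B": "Yes"},
    {"feature": "File Deletion", "category": "File Manipulation", "EDR-A": "No", "EDR-B": "Yes"},
    {"feature": "Named Pipe", "category": "Named Pipes", "EDR-A": "Yes", "EDR-B": "No"},
]
META_KEYS = {"feature", "category"}


def row_weight(row: dict, feature_weights: Dict[str, float], category_weights: Dict[str, float]) -> float:
    """Weight a row contributes when present: feature weight x category weight."""
    return feature_weights.get(row["feature"], 0.0) * category_weights.get(row["category"], 0.0)


def score_edrs(rows: List[dict], feature_weights: Dict[str, float], category_weights: Dict[str, float]) -> Dict[str, float]:
    """Return {edr_name: score}, rounded to two decimals, highest first."""
    scores: Dict[str, float] = defaultdict(float)
    for row in rows:
        weight = row_weight(row, feature_weights, category_weights)
        for edr, value in row.items():
            if edr in META_KEYS:
                continue
            scores[edr] += weight if value == "Yes" else 0.0  # absent feature counts as 0
    ranked = sorted(scores.items(), key=lambda kv: kv[1], reverse=True)
    return {edr: round(score, 2) for edr, score in ranked}


def max_score(rows: List[dict], feature_weights: Dict[str, float], category_weights: Dict[str, float]) -> float:
    """Score an EDR would get if every listed feature were present (useful for normalising)."""
    return round(sum(row_weight(r, feature_weights, category_weights) for r in rows), 2)


if __name__ == "__main__":
    best = max_score(SAMPLE_ROWS, FEATURE_WEIGHTS, CATEGORY_WEIGHTS)
    for edr, score in score_edrs(SAMPLE_ROWS, FEATURE_WEIGHTS, CATEGORY_WEIGHTS).items():
        print(f"{edr}: {score} / {best}")
```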