Closed mthcht closed 1 year ago
Hey @mthcht, that's interesting. I would definitely monitor those when available.
Perhaps we should evaluate an "EDR Management Activity" as a distinct category. However, the initial focus is on the logs generated by the agent deployed to target monitored endpoints, not on the overall EDR platform.
How many products do you know of that already provide at least 2 of those 'subs', assuming that would fall into a wider category?
I will let @tsale provide his comments as well.
OK, makes sense. I have and monitor these logs for SentinelOne and CrowdStrike; I am not sure about the other EDR solutions.
Although it would be useful, I am not sure if this type of log is something that needs to be included in this project; I agree with @inodee. I'll close this for now and we can re-evaluate in the future if we find the need. Thanks for this suggestion though, @mthcht!
Is it possible to add a "console" category for logs generated through actions performed on the EDR console? This category could include: