{"id":13598764,"url":"https://github.com/tsale/EDR-Telemetry","last_synced_at":"2025-04-10T09:32:08.754Z","repository":{"id":151336514,"uuid":"622335595","full_name":"tsale/EDR-Telemetry","owner":"tsale","description":"This project aims to compare and evaluate the telemetry of various EDR products.","archived":false,"fork":false,"pushed_at":"2024-10-28T23:49:08.000Z","size":1062,"stargazers_count":1666,"open_issues_count":12,"forks_count":157,"subscribers_count":52,"default_branch":"main","last_synced_at":"2024-10-29T15:41:11.380Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/tsale.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-04-01T20:02:33.000Z","updated_at":"2024-10-28T23:50:53.000Z","dependencies_parsed_at":"2024-03-02T23:22:17.394Z","dependency_job_id":"5f3c65d8-de69-4d99-8d9a-b7dcd1242174","html_url":"https://github.com/tsale/EDR-Telemetry","commit_stats":null,"previous_names":[],"tags_count":2,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tsale%2FEDR-Telemetry","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tsale%2FEDR-Telemetry/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tsale%2FEDR-Telemetry/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tsale%2FEDR-Telemetry/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tsale","download_url":"https://c
odeload.github.com/tsale/EDR-Telemetry/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248191779,"owners_count":21062570,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-01T17:00:55.999Z","updated_at":"2025-04-10T09:32:08.741Z","avatar_url":"https://github.com/tsale.png","language":"Python","funding_links":[],"categories":["Other Lists"],"sub_categories":["🖥️ SIEM/SOC/PurpleTeam related:"],"readme":"# EDR Telemetry\n\n\u003cp align=\"center\"\u003e\n  \u003cimg src=\"./images/logo_new.png\" width=\"200\" alt=\"EDR Telemetry Logo\"\u003e\n\u003c/p\u003e\n\n\u003cdiv align=\"center\"\u003e\n  \n[![Website](https://img.shields.io/badge/Website-EDR--Telemetry.com-blue)](https://www.edr-telemetry.com)\n[![FAQ](https://img.shields.io/badge/Wiki-FAQ-green)](https://github.com/tsale/EDR-Telemetry/wiki/FAQ)\n[![License: CC BY-NC 4.0](https://img.shields.io/badge/License-CC%20BY--NC%204.0-lightgrey.svg)](http://creativecommons.org/licenses/by-nc/4.0/)\n[![Stars](https://img.shields.io/github/stars/tsale/EDR-Telemetry)](https://github.com/tsale/EDR-Telemetry/stargazers)\n\n\u003c/div\u003e\n\n## 📖 About\n\nA comprehensive comparison of telemetry features from EDR products and endpoint agents like [Sysmon](https://learn.microsoft.com/en-us/sysinternals/downloads/sysmon). 
This project enables security practitioners to evaluate telemetry capabilities while promoting vendor transparency.\n\n🌐 **[Visit our Website](https://www.edr-telemetry.com)** for the complete comparison and analysis.\n\n📝 Read more about this project in our [initial release blog post](https://detect.fyi/edr-telemetry-project-a-comprehensive-comparison-d5ed1745384b?sk=b5aade1de1afbabf687620a12aa7a581).\n\n## 🎯 Key Features\n\n- Comprehensive telemetry comparison across multiple EDR solutions\n- Detailed scoring system for feature evaluation\n- Regular updates to reflect the latest capabilities\n- Community-driven contributions and verification\n\n## 📊 Telemetry Comparison\n\nVisit our [EDR Telemetry Comparison Table](https://www.edr-telemetry.com) to see:\n- Feature-by-feature comparison\n- Detailed scoring metrics\n- Implementation status\n- Latest updates\n\n## 🤝 Contributing\n\nWe welcome contributions! Please check our [Contribution Guidelines](https://github.com/tsale/EDR-Telemetry/wiki#contribution-guidelines) for details on how to get involved.\n\n## ⚖️ Scoring System\n\nOur evaluation script assigns scores based on feature implementation:\n- ✅ Yes: 1.0\n- ⚠️ Partially: 0.5\n- 🎚️ Via EnablingTelemetry: 1.0\n- 🪵 Via EventLogs: 0.5\n- ❌ No: 0.0\n- ❓ Pending Response: 0.0\n\nView the complete [scoring breakdown](https://www.edr-telemetry.com/scores.html) on our website.\n\n## ⚠️ Disclaimer\n\nThe data presented reflects only the telemetry capabilities of each product, not their detection or prevention capabilities. 
For more details, please visit our [FAQ page](https://github.com/tsale/EDR-Telemetry/wiki/FAQ#7-what-is-the-scope-of-the-telemetry-comparison-table-for-edr-products).\n\n## 📜 License\n\nThis work is licensed under a [Creative Commons Attribution-NonCommercial 4.0 International License](http://creativecommons.org/licenses/by-nc/4.0/).\n\nThis means you are free to:\n- Share — copy and redistribute the material in any medium or format\n- Adapt — remix, transform, and build upon the material\n\nUnder the following terms:\n- **Attribution** — You must give appropriate credit, provide a link to the license, and indicate if changes were made.\n- **NonCommercial** — You may not use the material for commercial purposes without explicit permission from the author.\n\nFor commercial use, please [contact us](https://www.edr-telemetry.com/contact).\n\n## ✨ Contributors Wall\n\nThanks to these amazing contributors:\n\n- [tsale](https://github.com/tsale)\n- [jdu2600](https://github.com/jdu2600)\n- [j91321](https://github.com/j91321)\n- [mthcht](https://github.com/mthcht)\n- [thiboog](https://github.com/thiboog)\n- [thomaspatzke](https://github.com/thomaspatzke)\n- [xC0uNt3r7hr34t](https://github.com/xC0uNt3r7hr34t)\n- [inodee](https://github.com/inodee)\n- [alwashali](https://github.com/alwashali)\n- [Guzzy711](https://github.com/Guzzy711)\n- [joshlemon-uptycs](https://github.com/joshlemon-uptycs)\n- [LuKePicci](https://github.com/LuKePicci)\n- [maximelb](https://github.com/maximelb)\n- [MyPeaches](https://github.com/MyPeaches)\n- [nasbench](https://github.com/nasbench)\n- [NicolasSchn](https://github.com/NicolasSchn)\n- [QueenSquishy](https://github.com/QueenSquishy)\n- [Robert-HarfangLab](https://github.com/Robert-HarfangLab)\n- [SecurityAura](https://github.com/SecurityAura)\n- [alextrender](https://github.com/alextrender)\n- [idev](https://github.com/idev)\n- [johnk3r](https://github.com/johnk3r)\n- [pep-un](https://github.com/pep-un)\n- [zbeastofburden](https://github.com/zbeastofburden)\n\n## Current Primary Maintainers\nKostas - [@kostastsale](https://twitter.com/Kostastsale)","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftsale%2FEDR-Telemetry","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftsale%2FEDR-Telemetry","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftsale%2FEDR-Telemetry/lists"}