
github.com/tsale/EDR-Telemetry @v0.3

202 symbols 573 edges 23 files 91 documented · 45%
README

EDR Telemetry


📖 About

A comprehensive comparison of telemetry features from EDR products and endpoint agents like Sysmon. This project enables security practitioners to evaluate telemetry capabilities while promoting vendor transparency.

🌐 Visit our Website for the complete comparison and analysis.

📝 Read more about this project in our initial release blog post.

🎯 Key Features

  • Comprehensive telemetry comparison across multiple EDR solutions
  • Detailed scoring system for feature evaluation
  • Regular updates to reflect the latest capabilities
  • Community-driven contributions and verification

📊 Telemetry Comparison

Visit our EDR Telemetry Comparison Table to see:

  • Feature-by-feature comparison
  • Detailed scoring metrics
  • Implementation status
  • Latest updates

🤝 Contributing

We welcome contributions! Please check our Contribution Guidelines for details on how to get involved.

⚖️ Scoring System

Our evaluation script assigns scores based on feature implementation:

  • ✅ Yes: 1.0
  • ⚠️ Partially: 0.5
  • 🎚️ Via EnablingTelemetry: 1.0
  • 🪵 Via EventLogs: 0.5
  • ❌ No: 0.0
  • ❓ Pending Response: 0.0

View the complete scoring breakdown on our website.

⚠️ Disclaimer

The data presented reflects only the telemetry capabilities of each product, not their detection or prevention capabilities. For more details, please visit our FAQ page.

📜 License

This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.

This means you are free to:

  • Share — copy and redistribute the material in any medium or format
  • Adapt — remix, transform, and build upon the material

Under the following terms:

  • Attribution — You must give appropriate credit, provide a link to the license, and indicate if changes were made.
  • NonCommercial — You may not use the material for commercial purposes without explicit permission from the author.

For commercial use, please contact us.

✨ Contributors Wall

Thanks to these amazing contributors:

tsale jdu2600 j91321 mthcht thiboog thomaspatzke xC0uNt3r7hr34t inodee alwashali Guzzy711 joshlemon-uptycs LuKePicci maximelb MyPeaches nasbench NicolasSchn QueenSquishy Robert-HarfangLab SecurityAura alextrender idev johnk3r pep-un zbeastofburden

Current Primary Maintainers

Kostas - @kostastsale

Core symbols most depended-on inside this repo

_release
called by 18
Tools/Telemetry-Generator/macOS/complex/user_account_manager.py
_cfrelease
called by 9
Tools/Telemetry-Generator/macOS/complex/codesign_trust.py
_cfstr
called by 7
Tools/Telemetry-Generator/macOS/complex/user_account_manager.py
file_creation
called by 6
Tools/Telemetry-Generator/macOS/macos_telem_gen.py
_cf_error_str
called by 6
Tools/Telemetry-Generator/macOS/complex/user_account_manager.py
run
called by 5
Tools/Telemetry-Generator/Linux/lnx_telem_gen.py
_syscall_open
called by 5
Tools/Telemetry-Generator/macOS/macos_telem_gen.py
cfrelease
called by 5
Tools/Telemetry-Generator/macOS/complex/persistence_loginitem.py

Shape

Function 129
Method 56
Class 17

Languages

Python 100%

Modules by API surface

Tools/Telemetry-Generator/macOS/macos_telem_gen.py: 36 symbols
Tools/Telemetry-Generator/macOS/complex/user_account_manager.py: 22 symbols
Tools/Telemetry-Generator/Linux/lnx_telem_gen.py: 20 symbols
Tools/Telemetry-Generator/macOS/complex/codesign_trust.py: 15 symbols
Tools/Telemetry-Generator/macOS/native.py: 11 symbols
Tools/Telemetry-Generator/macOS/complex/launchd_control.py: 11 symbols
Tools/Telemetry-Generator/Linux/complex/process_hijack_demo.py: 9 symbols
Tools/CloudFunction/main.py: 9 symbols
Tools/Telemetry-Generator/macOS/complex/process_injection.py: 7 symbols
Tools/Telemetry-Generator/macOS/complex/kext_operations.py: 7 symbols
Tools/Telemetry-Generator/Linux/complex/process_tampering.py: 7 symbols
Tools/Telemetry-Generator/macOS/complex/tcc_operations.py: 6 symbols

Dependencies from manifests, versioned

dbus-python 1.2.18 · 1×
functions-framework 3. · 1×
gotrue 2. · 1×
pandas 1.5.0 · 1×
postgrest 0. · 1×
prettytable 3.0.0 · 1×
python-dotenv 1. · 1×
realtime 1. · 1×
requests 2. · 1×
storage3 0. · 1×
supabase 2. · 1×

For agents

$ claude mcp add EDR-Telemetry \
  -- python -m otcore.mcp_server <graph>
