Telemetry and Detection
What EDR collects.
What Is Telemetry
Telemetry is the data an EDR agent collects from an endpoint.
It is the raw record of what is happening on a device, and it is the foundation of every detection.
Process Activity
EDR records every process that starts, including who launched it and what command line was used.
Telemetry sample:
parent: winword.exe
child: powershell.exe
args: -enc ZQBjAGgAbwA...
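As an added example that is not part of this lesson, here is a small Python detection run over process-start records in the shape of the sample above (parent, child, args): it flags an Office application spawning a shell and decodes a PowerShell -EncodedCommand argument so an analyst can read what was actually launched. The events, rule names and the flag-matching regex are constructed here for illustration.

```python
import base64
import re

# Constructed telemetry events in the lesson's shape. The encoded argument is
# built here (UTF-16LE, then base64, as PowerShell expects) so it decodes cleanly.
ENCODED = base64.b64encode("echo hi".encode("utf-16-le")).decode("ascii")
SAMPLE_EVENTS = [
    {"parent": "winword.exe", "child": "powershell.exe", "args": f"-enc {ENCODED}"},
    {"parent": "explorer.exe", "child": "powershell.exe", "args": "-File backup.ps1"},
    {"parent": "excel.exe", "child": "cmd.exe", "args": "/c whoami"},
]

OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SHELL_CHILDREN = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe"}
# PowerShell accepts abbreviations of -EncodedCommand (-e, -ec, -enc, ...); this
# simplified pattern (an assumption, not an exhaustive parser) captures the payload.
ENC_FLAG = re.compile(r"(?i)(?:^|\s)-e(?:c|n[a-z]*)?\s+(\S+)")


def decode_encoded_command(args):
    """Return the decoded -EncodedCommand payload, or None if absent or undecodable."""
    m = ENC_FLAG.search(args)
    if not m:
        return None
    try:
        raw = base64.b64decode(m.group(1), validate=True)
        return raw.decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def evaluate(event):
    """Return the names of the detection rules one process-start event triggers."""
    hits = []
    parent, child = event["parent"].lower(), event["child"].lower()
    if parent in OFFICE_PARENTS and child in SHELL_CHILDREN:
        hits.append("office_spawns_shell")
    if child in {"powershell.exe", "pwsh.exe"} and decode_encoded_command(event["args"]) is not None:
        hits.append("powershell_encoded_command")
    return hits


def run_detections(events):
    """Return (event, rule names, decoded command) for every event that fired a rule."""
    findings = []
    for ev in events:
        hits = evaluate(ev)
        if hits:
            findings.append((ev, hits, decode_encoded_command(ev["args"])))
    return findings
```

The decoded command is kept alongside the raw event so the alert shows both the telemetry the lesson describes and what it means.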