Add MDE monitoring configured via advanced features (#111)

* Add monitoring via advanced features * Update MDE status to 'No' for network sockets * Mark MDE Service Creation to Yes * Update MDE status to 'Partially' in EDR telemetry and provide explanation for partial availability in value explanations. --------- Co-authored-by: Kostas <[email protected]>
tsale · Jan 23, 2025 · ae1c6c1 · ae1c6c1
1 parent 45436ce
commit ae1c6c1
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 4 deletions.
diff --git a/EDR_telem_linux.json b/EDR_telem_linux.json
@@ -248,7 +248,7 @@
     "ESET Inspect":"Yes",
     "Elastic":"No",
     "LimaCharlie":"No",
-    "MDE":"No",
+    "MDE":"Via EnablingTelemetry",
     "Qualys":"No",
     "SentinelOne":"No",
     "Sysmon":"No",
@@ -278,7 +278,7 @@
     "ESET Inspect":"No",
     "Elastic":"No",
     "LimaCharlie":"No",
-    "MDE":"No",
+    "MDE":"Via EnablingTelemetry",
     "Qualys":"No",
     "SentinelOne":"No",
     "Sysmon":"No",
@@ -338,7 +338,7 @@
     "ESET Inspect":"No",
     "Elastic":"No",
     "LimaCharlie":"Yes",
-    "MDE":"No",
+    "MDE":"Partially",
     "Qualys":"No",
     "SentinelOne":"Yes",
     "Sysmon":"No",

diff --git a/partially_value_explanations_linux.json b/partially_value_explanations_linux.json
@@ -316,7 +316,7 @@
       "CrowdStrike":"",
       "Sysmon":"",
       "LimaCharlie":"",
-      "MDE":"",
+      "MDE":{"Partially":"Only available through the timeline. Not searchable in a query."},
       "Elastic":"",
       "Auditd":"",
       "Carbon Black Cloud":""