Let's SOC About It What Is the EDR Telemetry Project?
Jun 5, 2025
Kostas Tsialemis, an independent security consultant behind the DFIR Report and the EDR Telemetry Project, dives deep into the importance of EDR telemetry data. He explains how this data enhances threat detection and investigations. Kostas discusses the project's aim to unify telemetry information across different vendors, addressing the variability in data collection methods and gaps in vendor documentation. He advocates for community collaboration to improve product transparency and shares insights on how cybersecurity practitioners can leverage this crucial information for better incident response.
AI Snips
Chapters
Transcript
Episode notes
EDR Telemetry Project Purpose
- The EDR Telemetry Project exposes differences in telemetry data availability across vendors.
- This transparency helps users understand and utilize telemetry for threat hunting and incident response.
Vendor Documentation Gaps
- Many EDR vendors lack proper documentation or fail to deliver telemetry as advertised.
- Independent testing identifies these gaps, prompting vendors to fix issues and improve transparency.
Telemetry Scoring Guidance
- Use the EDR Telemetry Project's weighted scoring to compare vendors' telemetry capabilities.
- Focus more on high-score categories like process creation and file modification for investigations.