Open
Labels: Effort: Large (Issues that require significant planning, research, writing, and testing); Feature: Elastic Defend; Priority: Medium (Issues that have relevance, but aren't urgent); Team: EDR Workflows (Formerly Defend Workflows, Onboarding and Lifecycle Management); Team: Endpoint (Endpoint related issues); v8.8.0
Description
At this time there is a lack of information on what exactly is meant by the subparts of Elastic Defend:
https://www.elastic.co/guide/en/security/master/configure-endpoint-integration-policy.html#event-collection
We should add some more information on what exactly we mean by Event collection. What does that mean from an Endpoint perspective?
I would review the following subparts as a first start:
- Ransomware Protection
- Memory threat protection
- Malicious behaviour detection
- Event Collection
  - Credential Access
  - DLL and Driver Load
  - DNS
  - File
  - Network
  - Process
  - Registry
  - Security
Especially for the latter: what does e.g. a File Event mean under Windows, Linux or macOS respectively?
^^ @jmikell821