EDR Telemetry
EDR Telemetry

How to Contribute

Join our community of contributors and help improve EDR telemetry understanding

📝

About Contributions

We welcome all kinds of contributions to the EDR_telem.json file. Use our tools to make contributing easier:

  • ✓Convert between JSON and CSV formats
  • ✓Edit in your preferred format
  • ✓Automatic validation checks
✅

Validation Process

All contributions require validation through either:

📸Telemetry Screenshots
đŸĒĩOfficial Documentation
ℹī¸

Private documentation can be shared confidentially with Kostas

🔎 Evidence Requirements

Status changes need evidence that can be rechecked. A screenshot or documentation link is useful, but disputed direct-test conclusions should also show what was executed, what was searched, and why the final status follows the methodology.

Accepted evidence

  • Official vendor documentation
  • Screenshots of telemetry exposed by the product
  • Log extracts or raw event records
  • Direct hands-on testing results
  • Private documentation shared confidentially for validation

Direct-test checklist

  • Test/action executed and UTC execution timestamp
  • Endpoint, OS build, sensor version, and policy/configuration
  • Expected telemetry target and status being requested
  • Query/search used, time window, raw event source, table, or index
  • Observed fields, missing expected fields, screenshot or raw export
  • Rationale for Yes, Partially, Via EventLogs, Via EnablingTelemetry, No, or Pending Response

For No or absence findings

Document the search window, sources searched, queries or search terms, covered time range, endpoint identifiers examined, and any relevant vendor table or index guidance. Vague claims are not enough to upgrade or downgrade a status.

View the full evidence package standard

🚀 Contribution Steps

1

Fork Repository

Create your own copy of the project:

  1. Visit main repository
  2. Click "Fork" button
  3. Select your account
↓
2

Create Branch

Make a new branch for your changes

git checkout -b feature-branch-name
↓
3

Make Changes

Use these values in your changes:

✅YesImplemented
❌NoNot Implemented
⚠ī¸PartiallyPartially Implemented
❓PendingPending Response
đŸĒĩVia EventLogsCollected from Windows Event Logs
🎚ī¸Via EnablingTelemetryAdditional telemetry capability
↓
4

Submit PR

Create a pull request:

  • Push your changes
  • Open pull request
  • Add documentation
  • Wait for review

📋 Additional Guidelines

🐛

Reporting Issues

  • Check existing issues
  • Use latest version
  • Clear descriptions
  • Reproduction steps
💡

Feature Requests

  • Check existing proposals
  • Clear title
  • Detailed description
  • Use case examples

Ready to Contribute?

We welcome contributions of all sizes. Every bit helps improve the project!

Get Started on GitHubContact Us