A comprehensive comparison of telemetry features from EDR products and endpoint agents like Sysmon. This project enables security practitioners to evaluate telemetry capabilities while promoting vendor transparency.
🌐 Visit our Website for the complete comparison and analysis.
📝 Read more about this project in our initial release blog post.
- Comprehensive telemetry comparison across multiple EDR solutions
- Detailed scoring system for feature evaluation
- Regular updates to reflect the latest capabilities
- Community-driven contributions and verification
Visit our EDR Telemetry Comparison Table to see:
- Feature-by-feature comparison
- Detailed scoring metrics
- Implementation status
- Latest updates
We welcome contributions! Please check our Contribution Guidelines for details on how to get involved.
Our evaluation script assigns scores based on feature implementation:
- ✅ Yes: 1.0
⚠️ Partially: 0.5- 🎚️ Via EnablingTelemetry: 1.0
- 🪵 Via EventLogs: 0.5
- ❌ No: 0.0
- ❓ Pending Response: 0.0
View the complete scoring breakdown on our website.
The data presented reflects only the telemetry capabilities of each product, not their detection or prevention capabilities. For more details, please visit our FAQ page.
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.
This means you are free to:
- Share — copy and redistribute the material in any medium or format
- Adapt — remix, transform, and build upon the material
Under the following terms:
- Attribution — You must give appropriate credit, provide a link to the license, and indicate if changes were made.
- NonCommercial — You may not use the material for commercial purposes without explicit permission from the author.
For commercial use, please contact us.
Thanks to these amazing contributors:
Kostas - @kostastsale