Kostas
Thanks @jdu2600, could you please provide some examples from the Elastic EDR events?
Thanks for that @jdu2600. I did have a look and I can confirm that, unlike what the article suggests, other EDRs are also monitoring for this activity. Although it would...
Thanks for understanding. I re-opened this PR to consider the change for the sub-category name from "Remote Thread Creation" to "Thread Creation". @jdu2600 - Could you please provide a justification...
Good enough for me. For the record, the difference is explained here:

> _Thread creation refers to the process of creating a new thread within the same application or process. Remote thread...
Thanks. No, we will need to validate, I would not commit just yet. I also would like a second approver for this (@inodee) @jdu2600 - Can you propose a testing...
Thank you very much for submitting this proposal @mthcht! Could you please include the below information so we can validate before merging? 1. Does Trellix EDR align with our definition...
This is great! Please give me some time to review and I'll reach out if I have any questions 🙂
Hey @mthcht, unfortunately, the link you provided me to the API documentation does not include a definitive answer to the fields we are looking for. It would be great if...
That is awesome @mthcht, thank you very much for all the info, much appreciated! It will take me some time to go through and validate. I will reach out with...
@mthcht, I reviewed the submission and I have some questions regarding some of the sub-categories. See below: 1. I cannot see evidence for the UDP Connection, URL, Driver Loaded and...