File Opened - Crowdstrike

Open NicolasSchn opened this issue 3 years ago • 1 comments

Hello,

Regarding Crowdstrike telemetry, some events are generated only when EDR detects suspicious behavior in the same process tree (Event FileOpenInfo related to File Opened operation for example).

This does not mean that the box should be red, but it may be useful to add if a condition is necessary for the generation of the event.

Apr 20 '23 13:04 NicolasSchn

Hey @NicolasSchn, that claim seems to be valid!

Since we are here, any other cases that applies as well? We are happy to update to 'Partially Implemented' (amber icon) or wait for a PR from your side. Many thanks!

Apr 20 '23 20:04 inodee