EDR Telemetry Project: Next.js Migration and New Statistics Feature


The EDR Telemetry Project has officially migrated to Next.js, introducing a new Statistics feature to make telemetry data more understandable—not just accessible. This update transforms raw data into actionable insights, addressing key questions like:

  • Which vendor performs best on a specific OS?
  • What telemetry features are most commonly missing?
  • How to present this data to decision-makers (e.g., CISOs)?

Key Enhancements:

📊 Interactive Charts (Bar, Radar, Pie)

📉 Platform-Specific Gaps (Windows vs. Linux)

🌐 Vendor Trends Visualized

🎯 Color-Coded Performance Metrics

🔎 Full-Site Search for Quick Navigation

Explore the Statistics Page: https://lnkd.in/gE8UFHAy
Project Website: https://edr-telemetry.com

You Should Know: Practical EDR Telemetry Analysis

#### **1. Querying EDR Telemetry Data (Linux/Windows)**

Use command-line tools to extract and analyze telemetry logs. Note that `ausearch -k` only returns events produced by audit rules tagged with the same key, so the rules have to be loaded first:

**Linux (Auditd):**

```bash
# Log every execve (process execution) and tag it with the key edr_telemetry
sudo auditctl -a always,exit -F arch=b64 -S execve -k edr_telemetry

# Monitor file writes and attribute changes in a sensitive directory under the same key
sudo auditctl -w /path/to/sensitive/dir -p wa -k edr_telemetry

# Search today's audit log for events carrying that key
sudo ausearch -k edr_telemetry -ts today
```

**Windows (PowerShell):**

```powershell
# Native process-creation events (Event ID 4688) from the Security log; these only
# appear when the "Audit Process Creation" policy is enabled. There is no generic
# "Microsoft-Windows-EDR" provider: each EDR product writes to its own log/provider.
Get-WinEvent -FilterHashtable @{LogName="Security"; ProviderName="Microsoft-Windows-Security-Auditing"; Id=4688} -MaxEvents 100

# Export the same events to CSV for analysis
Get-WinEvent -FilterHashtable @{LogName="Security"; Id=4688} | Export-Csv -Path "C:\EDR_Telemetry_Report.csv" -NoTypeInformation
```

#### **2. Analyzing Vendor Gaps**

Leverage Chart.js (used in the project) to visualize data:

```javascript
// Sample code to create a radar chart for EDR coverage.
// Assumes Chart.js is loaded on the page and a <canvas id="edrRadarChart"> exists.
const ctx = document.getElementById('edrRadarChart').getContext('2d');
const chart = new Chart(ctx, {
  type: 'radar',
  data: {
    labels: ['Process Creation', 'Network Activity', 'File Integrity'],
    datasets: [{
      label: 'Vendor A',
      data: [90, 70, 60], // coverage percentage per telemetry feature
      backgroundColor: 'rgba(75, 192, 192, 0.2)'
    }]
  },
  // Pin the radial axis to 0-100 so charts for different vendors are comparable
  options: { scales: { r: { min: 0, max: 100 } } }
});
```
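The chart above only shows numbers once someone has computed them. The following is an added example, not code from the original post or from the EDR Telemetry Project, showing how the three questions the Statistics feature answers (best vendor per OS, most commonly missing features, per-feature scores for a radar dataset) fall out of a coverage matrix. The matrix `SAMPLE_COVERAGE` is constructed sample data and the `STATUS_WEIGHT` values are an assumed scoring, not the project's published scheme.

```javascript
// Added example (not the EDR Telemetry Project's code): statistics behind a
// vendor-coverage radar chart. Data and weights below are assumptions.

// Constructed sample: one row per (os, vendor) with a status per telemetry feature.
const SAMPLE_COVERAGE = [
  { os: 'windows', vendor: 'Vendor A', features: { 'Process Creation': 'Yes', 'Network Activity': 'Yes', 'File Integrity': 'Yes', 'DNS Query': 'Partially' } },
  { os: 'windows', vendor: 'Vendor B', features: { 'Process Creation': 'Yes', 'Network Activity': 'Partially', 'File Integrity': 'Yes', 'DNS Query': 'Pending Response' } },
  { os: 'linux',   vendor: 'Vendor A', features: { 'Process Creation': 'Yes', 'Network Activity': 'No', 'File Integrity': 'No', 'DNS Query': 'No' } },
  { os: 'linux',   vendor: 'Vendor B', features: { 'Process Creation': 'Yes', 'Network Activity': 'Yes', 'File Integrity': 'Partially', 'DNS Query': 'No' } },
];

// Assumed weights: full credit for Yes, half for Partially, nothing otherwise.
const STATUS_WEIGHT = { 'Yes': 1, 'Partially': 0.5, 'No': 0, 'Pending Response': 0 };

function statusScore(status) {
  // Fail loudly on unknown labels rather than silently scoring them as 0.
  if (!Object.prototype.hasOwnProperty.call(STATUS_WEIGHT, status)) {
    throw new Error(`unknown coverage status: ${status}`);
  }
  return STATUS_WEIGHT[status];
}

// Per-feature percentage for one vendor on one OS: the "data" array of a radar dataset.
function featureScores(rows, os, vendor) {
  const row = rows.find(r => r.os === os && r.vendor === vendor);
  if (!row) throw new Error(`no coverage data for ${vendor} on ${os}`);
  const labels = Object.keys(row.features);
  return { labels, data: labels.map(f => Math.round(statusScore(row.features[f]) * 100)) };
}

// Overall coverage % per vendor for one OS, best first ("which vendor performs best on this OS?").
function rankVendors(rows, os) {
  return rows
    .filter(r => r.os === os)
    .map(r => {
      const vals = Object.values(r.features).map(statusScore);
      const coverage = Math.round(100 * vals.reduce((a, b) => a + b, 0) / vals.length);
      return { vendor: r.vendor, coverage };
    })
    .sort((a, b) => b.coverage - a.coverage || a.vendor.localeCompare(b.vendor));
}

// Features that most often lack full coverage across vendors, optionally for one OS
// ("what telemetry features are most commonly missing?").
function missingFeatures(rows, os = null) {
  const counts = {};
  for (const r of rows) {
    if (os !== null && r.os !== os) continue;
    for (const [feature, status] of Object.entries(r.features)) {
      counts[feature] = counts[feature] || { feature, missing: 0, total: 0 };
      counts[feature].total += 1;
      if (statusScore(status) < 1) counts[feature].missing += 1;
    }
  }
  return Object.values(counts)
    .sort((a, b) => b.missing - a.missing || a.feature.localeCompare(b.feature));
}

// Builds the Chart.js "data" object for one vendor/OS without requiring Chart.js itself.
function radarData(rows, os, vendor) {
  const { labels, data } = featureScores(rows, os, vendor);
  return { labels, datasets: [{ label: `${vendor} (${os})`, data }] };
}
```

`rankVendors(SAMPLE_COVERAGE, 'windows')` ranks Vendor A first at 88% and `rankVendors(SAMPLE_COVERAGE, 'linux')` ranks Vendor B first at 63%, which is the platform-specific gap the Statistics page is meant to surface; `missingFeatures(SAMPLE_COVERAGE)` puts DNS Query on top. Treating "Pending Response" as 0 rather than excluding it is a deliberate choice: an unanswered vendor should not be rewarded with a higher average.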

#### **3. Automating Telemetry Collection**

**Linux (Sysdig):**

```bash
# Capture system calls to a file for later EDR analysis. No output formatting is
# applied while writing, so -p belongs on the read side, not with -w.
sudo sysdig -w edr_telemetry.scap

# Read the capture back, printing process and file descriptor names per event
sudo sysdig -r edr_telemetry.scap -p "%proc.name %fd.name"
```

**Windows (Sysmon):**

```xml
<!-- Minimal Sysmon config that logs every process creation. Note the inverted
     semantics: an empty onmatch="exclude" rule logs everything, whereas an empty
     onmatch="include" rule logs nothing. Set schemaversion to what `sysmon -s` reports. -->
<Sysmon schemaversion="4.90">
  <EventFiltering>
    <RuleGroup name="EDR Telemetry" groupRelation="or">
      <ProcessCreate onmatch="exclude"/>
    </RuleGroup>
  </EventFiltering>
</Sysmon>
```
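Sections 1 and 3 collect the same telemetry feature (process creation) from two very different sources, and comparing vendors across Windows and Linux only works once those events share one shape. The following is an added example, not code from the original post or from the EDR Telemetry Project, that normalises a raw auditd execve event (the format `ausearch` prints for the rules above) and a Sysmon Event ID 1 XML record into one process-creation record. Both sample events are constructed; the Sysmon reader is a regex over the flat `<Data Name="...">` elements rather than a real XML parser, which is a stated simplification.

```javascript
// Added example (not the project's code): normalise auditd and Sysmon
// process-creation events into one record shape. Sample events are constructed.

// Constructed auditd event in raw format. One event is several records that
// share the same msg=audit(TIME:SERIAL) identifier.
const AUDITD_SAMPLE = `
type=SYSCALL msg=audit(1700000000.123:4567): arch=c000003e syscall=59 success=yes exit=0 a0=55d3 a1=55d4 a2=55d5 a3=0 items=2 ppid=1234 pid=1235 auid=1000 uid=1000 gid=1000 euid=1000 comm="curl" exe="/usr/bin/curl" key="edr_telemetry"
type=EXECVE msg=audit(1700000000.123:4567): argc=3 a0="curl" a1="-s" a2="http://example.invalid/"
type=CWD msg=audit(1700000000.123:4567): cwd="/home/user"
`;

// Constructed Sysmon Event ID 1 (ProcessCreate) as exported in XML from the
// Microsoft-Windows-Sysmon/Operational log.
const SYSMON_SAMPLE = `
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><Provider Name="Microsoft-Windows-Sysmon"/><EventID>1</EventID>
    <TimeCreated SystemTime="2023-11-14T22:13:20.123Z"/></System>
  <EventData>
    <Data Name="Image">C:\\Windows\\System32\\cmd.exe</Data>
    <Data Name="CommandLine">cmd.exe /c whoami &amp;&amp; hostname</Data>
    <Data Name="ProcessId">4242</Data>
    <Data Name="ParentProcessId">1000</Data>
    <Data Name="User">DESKTOP\\alice</Data>
  </EventData>
</Event>
`;

// execve syscall number depends on the architecture reported in arch=.
const EXECVE_BY_ARCH = { c000003e: '59', c00000b7: '221' }; // x86_64, aarch64

// Parse one raw audit record into {type, time, serial, fields}. Values are bare
// tokens or double-quoted strings; ausearch's "----" and "time->" lines yield null.
function parseAuditLine(line) {
  const m = line.match(/^type=(\S+) msg=audit\((\d+\.\d+):(\d+)\):\s*(.*)$/);
  if (!m) return null;
  const fields = {};
  const kv = /(\w+)=(?:"([^"]*)"|(\S+))/g;
  let f;
  while ((f = kv.exec(m[4])) !== null) fields[f[1]] = f[2] !== undefined ? f[2] : f[3];
  return { type: m[1], time: Number(m[2]), serial: m[3], fields };
}

// Group records by serial, keep only successful execve events, emit normalised records.
function auditdProcessEvents(text) {
  const events = new Map();
  for (const raw of text.split('\n')) {
    const rec = parseAuditLine(raw.trim());
    if (!rec) continue;
    if (!events.has(rec.serial)) events.set(rec.serial, { time: rec.time, records: {} });
    events.get(rec.serial).records[rec.type] = rec.fields;
  }
  const out = [];
  for (const ev of events.values()) {
    const sys = ev.records.SYSCALL, exe = ev.records.EXECVE;
    if (!sys || sys.success !== 'yes' || sys.syscall !== EXECVE_BY_ARCH[sys.arch]) continue;
    const argv = [];
    if (exe) for (let i = 0; i < Number(exe.argc); i++) argv.push(exe[`a${i}`]);
    out.push({
      source: 'auditd', os: 'linux',
      timestamp: new Date(Math.round(ev.time * 1000)).toISOString(),
      image: sys.exe, commandLine: argv.join(' '),
      pid: Number(sys.pid), ppid: Number(sys.ppid), user: sys.uid,
    });
  }
  return out;
}

// Decode the entities Sysmon's XML export uses for command lines.
function unescapeXml(s) {
  return s.replace(/&lt;/g, '<').replace(/&gt;/g, '>').replace(/&quot;/g, '"')
          .replace(/&apos;/g, "'").replace(/&amp;/g, '&');
}

// Minimal reader for one Sysmon event: EventID, TimeCreated and the flat EventData map.
// Node has no built-in XML parser; this regex is enough for Sysmon's structure only.
function parseSysmonEvent(xml) {
  const eventId = Number((xml.match(/<EventID>(\d+)<\/EventID>/) || [])[1]);
  const time = (xml.match(/<TimeCreated SystemTime="([^"]+)"/) || [])[1];
  const data = {};
  const re = /<Data Name="([^"]+)">([^<]*)<\/Data>/g;
  let m;
  while ((m = re.exec(xml)) !== null) data[m[1]] = unescapeXml(m[2]);
  return { eventId, time, data };
}

function sysmonProcessEvents(xml) {
  const ev = parseSysmonEvent(xml);
  if (ev.eventId !== 1) return []; // only Event ID 1 is ProcessCreate
  return [{
    source: 'sysmon', os: 'windows', timestamp: ev.time,
    image: ev.data.Image, commandLine: ev.data.CommandLine,
    pid: Number(ev.data.ProcessId), ppid: Number(ev.data.ParentProcessId), user: ev.data.User,
  }];
}

// One list of process-creation records regardless of platform.
function collectProcessEvents(auditdText, sysmonXml) {
  return [...auditdProcessEvents(auditdText), ...sysmonProcessEvents(sysmonXml)];
}
```

The auditd side deliberately checks `success=yes` and the per-architecture execve number: a failed execve still produces a SYSCALL record, and a rule written with `-F arch=b64` on aarch64 reports syscall 221, not 59. Once both platforms produce the same record, the per-feature comparison in the Statistics page can be run against real events rather than vendor questionnaires.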

### **What Undercode Say**

The EDR Telemetry Project’s shift to Next.js and Chart.js democratizes threat detection analysis. By automating log collection (Auditd/Sysmon) and visualizing gaps, teams can:

  • Benchmark vendor performance
  • Justify EDR investments with data
  • Train junior analysts on telemetry importance

Pro Tip: Combine this with MITRE ATT&CK mapping to prioritize telemetry for high-risk TTPs.

References:

Reported By: Kostastsale Edr – Hackers Feeds