Kostas edited this page Apr 12, 2024 · 20 revisions

Contribution Guidelines

Thank you for your interest in contributing to our project! We appreciate your efforts and time and welcome all kinds of contributions, whether you report an issue, make a feature request, or submit pull requests. All proposed additions or modifications to this project will be made to the main EDR_telem.json file.

To make it easier to contribute, we provide a Python script (convert.py under tools) that converts the JSON to CSV and back. Contributors can convert the JSON to CSV, edit the CSV, and convert it back to JSON, or make their changes directly in the JSON file.

Please note that we validate all additions or proposed modifications before pushing an update. To validate, contributors must include either screenshots of the telemetry or official documentation with the event categories/schema. If you wish to keep the documentation private, please share it with @kostastsale or @ateixei to only validate the entries without releasing it to the public.

To ensure a smooth and efficient collaboration process, please follow the guidelines outlined below.

Reporting Issues

Before reporting an issue, please:

  1. Check the existing issues to see if your issue is already reported.
  2. Make sure you are using the latest version of the project.
  3. Provide a clear and descriptive title for the issue.
  4. Include a detailed description of the issue, including steps to reproduce, expected behavior, and any relevant error messages or screenshots.

Feature Requests

If you have an idea for a new feature or telemetry enhancement for a specific vendor, please:

  1. Check the existing issues to see if your feature has already been proposed.
  2. Provide a clear and descriptive title for your feature request.
  3. Describe the feature in detail, including the

How to make a contribution

The steps below provide an example of contributing to this project:

Step 1: Fork the Repository

You'll need to create a fork of the main repository to get started. This will create a copy of the repository under your GitHub account, allowing you to make changes without affecting the main project.

  1. Go to the main repository page on GitHub.
  2. Click the "Fork" button in the top-right corner of the page.
  3. Select your GitHub account as the destination for the fork.

Step 2: Create a Branch

Before making changes, it's best to create a new branch to work on. This keeps your changes separate from the main branch, allowing for easier organization and tracking of your contributions.

Step 3: Make Your Changes

Now you're ready to make your additions or modifications to the main EDR_telem.json file.

  • Make your additions or modifications to the file, following the existing structure and format.
  • Populate each event's vendor cells with one of the values from the JSON Values column below:

CSV Value   JSON Value              Description
            Yes                     Implemented
            No                      Not Implemented
⚠️          Partially               Partially Implemented
            Pending                 Pending Response
🪵          Via EventLogs           Via Windows EventLogs
🎚️          Via EnablingTelemetry   Additional telemetry that can be enabled easily as part of the EDR product but is not on by default.

Note that the icons are used only when editing the CSV, not the JSON file. The convert.py script under tools converts the string values to icons for a better visual representation of the values when converting from JSON to CSV.
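The JSON/CSV conversion and the allowed cell values described above, as an added example: this is not the project's tools/convert.py, and the file layout it assumes (a JSON array of objects with "Telemetry Feature Category" and "Sub-Category" keys followed by one key per vendor) is an assumption, not something this page documents. It validates that every vendor cell holds one of the JSON values rather than a description or an icon, and round-trips the rows through the CSV view using only the icons shown on this page; the vendor names in the sample rows are placeholders.

```python
"""Check EDR_telem.json cell values and round-trip them through the CSV view.

Added example for this guide; it is NOT the project's tools/convert.py.
Assumed layout (an assumption, not documented on this page): EDR_telem.json is
a JSON array of objects, each with the key columns "Telemetry Feature Category"
and "Sub-Category" followed by one key per vendor.
"""
import csv
import io
import json
import sys

KEY_COLUMNS = ("Telemetry Feature Category", "Sub-Category")

# JSON values permitted in a vendor cell (the "JSON Values" column above).
ALLOWED = {"Yes", "No", "Partially", "Pending", "Via EventLogs", "Via EnablingTelemetry"}

# Icon used in the CSV view for each JSON value. Only the icons shown on this
# page are mapped; the other values pass through unchanged here. The
# authoritative mapping is the project's tools/convert.py.
TO_ICON = {
    "Partially": "⚠️",
    "Via EventLogs": "🪵",
    "Via EnablingTelemetry": "🎚️",
}
FROM_ICON = {icon: value for value, icon in TO_ICON.items()}


def validate(rows):
    """Return (row_index, vendor, value) for every vendor cell outside ALLOWED.

    Catches the common mistake of writing the description ("Implemented") or a
    CSV icon into the JSON file instead of the JSON value ("Yes").
    """
    problems = []
    for index, row in enumerate(rows):
        for column, value in row.items():
            if column in KEY_COLUMNS:
                continue
            if value.strip() not in ALLOWED:
                problems.append((index, column, value))
    return problems


def json_to_csv(rows):
    """Render the rows as CSV text, replacing JSON values with CSV icons."""
    if not rows:
        return ""
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=list(rows[0].keys()))
    writer.writeheader()
    for row in rows:
        writer.writerow({
            column: value if column in KEY_COLUMNS else TO_ICON.get(value, value)
            for column, value in row.items()
        })
    return out.getvalue()


def csv_to_json(text):
    """Parse CSV text back into rows, replacing icons with JSON values."""
    rows = []
    for row in csv.DictReader(io.StringIO(text)):
        rows.append({
            column: value if column in KEY_COLUMNS else FROM_ICON.get(value.strip(), value.strip())
            for column, value in row.items()
        })
    return rows


# Constructed sample rows; vendor names are placeholders, not real entries.
# The second row deliberately contains an invalid cell ("Implemented").
SAMPLE = [
    {"Telemetry Feature Category": "Process Activity", "Sub-Category": "Process Creation",
     "VendorA": "Yes", "VendorB": "Via EventLogs"},
    {"Telemetry Feature Category": "Network Activity", "Sub-Category": "TCP Connection",
     "VendorA": "Partially", "VendorB": "Implemented"},
]


if __name__ == "__main__":
    # Usage: python check_telem.py [EDR_telem.json]; without an argument the sample is used.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as handle:
            rows = json.load(handle)
    else:
        rows = SAMPLE
    for index, vendor, value in validate(rows):
        print(f"row {index} ({rows[index]['Sub-Category']}): {vendor} has invalid value {value!r}")
    if csv_to_json(json_to_csv(rows)) != rows:
        print("warning: CSV round trip is not lossless for this file")
```

Run it against your edited EDR_telem.json before opening a pull request: any cell it reports would fail review, and a non-lossless round trip usually means a stray icon or trailing whitespace has crept into a JSON value.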

Step 4: Commit Your Changes

After making your changes, you'll need to commit and push them to your forked repository on GitHub.

Step 5: Create a Pull Request

Finally, you'll need to create a pull request to propose your changes to the main branch and wait for review.

  1. Go to the main repository page on GitHub.
  2. Click the "Pull Requests" tab.
  3. Click the "New Pull Request" button.
  4. In the "compare" section, select your forked repository and the branch you created in Step 2.
  5. Review your changes and click the "Create Pull Request" button.
  6. Provide a detailed description of your changes together with proof for them (official documentation or screenshots), then click "Create Pull Request" to submit your proposal.

After submitting your pull request, the project maintainers will review your changes and provide feedback. If your changes are accepted, they will be merged into the main project.

Thank you for your interest in contributing to our project! We appreciate your support!

Product Documentation References

Below are links to the documentation that we used to populate the comparison table. In cases where the documentation was not clear, we proceeded with lab testing by using methods such as the Atomic Red Team project to retrieve the expected telemetry results.

EDR Vendor      Information
CrowdStrike     Private documentation. Documentation received by contributor.
Elastic         https://docs.elastic.co/en/integrations/endpoint#logs
LimaCharlie     https://doc.limacharlie.io/docs/documentation/0b189c00533e5-reference-events
MDE             https://learn.microsoft.com/en-us/microsoft-365/security/defender/advanced-hunting-schema-tables?view=o365-worldwide
SentinelOne     Private documentation. Documentation received by contributor.
Sysmon          https://learn.microsoft.com/en-us/sysinternals/downloads/sysmon#events
WatchGuard      https://info.cytomicmodel.com/resources/guides/SIEMConnect/en/SIEMCONNECT-EventDescriptionGuide-EN.pdf
ESET            https://help.eset.com/ei_rules/1.10/en-US/rule_syntax.html?apicall.html
Cybereason      Private documentation. Documentation received by contributor.
Trellix         https://developer.manage.trellix.com/mvision/apis/searches (more detailed info in the PR)
Carbon Black    https://developer.carbonblack.com/reference/carbon-black-cloud/platform/latest/platform-search-fields/
Cortex XDR      https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Pro-Administrator-Guide/Endpoint-Data-Collection
HarFang EDR     Private documentation. Documentation received by contributor.
Symantec SES    Complete EDR event types, EDR_Threat_Hunting_Guide, Additional event information