EDR Telemetry Scores

Compare the telemetry capabilities of different EDR solutions based on our scoring methodology.

Understanding the Scores

Our scoring system evaluates EDR solutions based on telemetry capabilities across various categories. Each telemetry feature is weighted based on its importance in endpoint detection and response.

Status Values

| Status | Value |
|---|---|
| Yes | 1.0 |
| Via EnablingTelemetry | 1.0 |
| Partially | 0.5 |
| Via EventLogs | 0.5 |
| No | 0 |
| Pending Response | 0 |

Feature Weights

Each telemetry feature category is weighted based on its importance in the overall assessment. Some key examples include:

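| Feature | Weight |
|---|---|
| Process Creation | 1.0 |
| Process Access | 1.0 |
| File Creation | 1.0 |
| File Modification | 1.0 |
| File Deletion | 1.0 |
| DNS Query | 1.0 |
| TCP Connection | 1.0 |
| Remote Thread | 1.0 |
| File Renaming | 0.7 |
| Account Login | 0.7 |
| Process Termination | 0.5 |
| Account Logoff | 0.4 |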
View complete weight distribution on GitHub

Final Score Calculation

Total Score = Σ (Status Value × Feature Weight)
The final score represents the weighted sum of all features, providing a comprehensive evaluation of each EDR solution's telemetry capabilities.

To calculate the score:

  1. For each telemetry feature (sub-category), we determine the implementation status (Yes, Partially, Via EventLogs, etc.)
  2. The status is converted to a numerical value according to the status table
  3. This value is multiplied by the weight assigned to that feature category
  4. All weighted values are summed to produce the final score

This methodology ensures that more critical telemetry capabilities have a greater impact on the overall score, providing a fair and accurate comparison between different EDR solutions.
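
The four steps above, as an added Python example (not the project's own scoring code). It uses only the status values and the example weights listed on this page, not the complete weight distribution, and also ranks the coverage gaps that cost each product the most points. The two products are constructed sample data, and treating a missing feature as "Pending Response" is an assumption.

```python
# Status values and the example feature weights, copied from this page's tables.
STATUS_VALUE = {"Yes": 1.0, "Via EnablingTelemetry": 1.0, "Partially": 0.5,
                "Via EventLogs": 0.5, "No": 0.0, "Pending Response": 0.0}
FEATURE_WEIGHT = {
    "Process Creation": 1.0, "Process Access": 1.0, "File Creation": 1.0,
    "File Modification": 1.0, "File Deletion": 1.0, "DNS Query": 1.0,
    "TCP Connection": 1.0, "Remote Thread": 1.0, "File Renaming": 0.7,
    "Account Login": 0.7, "Process Termination": 0.5, "Account Logoff": 0.4,
}

def score(statuses):
    """Return (total, gaps) for one product's {feature: status} mapping.

    gaps holds (feature, points_lost) for each feature below full weight,
    largest loss first. Unknown names raise instead of silently scoring 0.
    """
    unknown = set(statuses) - set(FEATURE_WEIGHT)
    if unknown:
        raise ValueError(f"no weight defined for: {sorted(unknown)}")
    total, gaps = 0.0, []
    for feature, weight in FEATURE_WEIGHT.items():
        # Assumption: a feature missing from the input counts as "Pending Response".
        status = statuses.get(feature, "Pending Response")
        if status not in STATUS_VALUE:
            raise ValueError(f"unknown status {status!r} for {feature}")
        points = STATUS_VALUE[status] * weight   # steps 2 and 3
        total += points                          # step 4
        if points < weight:
            gaps.append((feature, round(weight - points, 2)))
    gaps.sort(key=lambda g: g[1], reverse=True)  # stable: ties keep table order
    return round(total, 2), gaps

# Constructed sample data for two hypothetical products (not real results).
ALL_YES = {f: "Yes" for f in FEATURE_WEIGHT}
PRODUCT_A = {**ALL_YES, "DNS Query": "Via EventLogs", "Remote Thread": "No",
             "Account Logoff": "Partially"}
PRODUCT_B = {**ALL_YES, "File Renaming": "No", "Account Login": "Pending Response",
             "Process Termination": "Via EnablingTelemetry"}

if __name__ == "__main__":
    for name, data in (("Product A", PRODUCT_A), ("Product B", PRODUCT_B)):
        total, gaps = score(data)
        print(f"{name}: {total} of {round(sum(FEATURE_WEIGHT.values()), 2)}, gaps: {gaps}")
```

Product A and Product B each fall short on three and two features respectively, yet B scores higher because A's gaps include a feature weighted 1.0.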