EDR Telemetry Scores
Compare the telemetry capabilities of different EDR solutions based on our scoring methodology.
Understanding the Scores
Our scoring system evaluates EDR solutions based on telemetry capabilities across various categories. Each telemetry feature is weighted based on its importance in endpoint detection and response.
Status Values
| Status | Value |
|---|---|
| Yes | 1.0 |
| Via EnablingTelemetry | 1.0 |
| Partially | 0.5 |
| Via EventLogs | 0.5 |
| No | 0 |
| Pending Response | 0 |
Feature Weights
Each telemetry feature category is weighted based on its importance in the overall assessment. Some key examples include:
Process Creation1.0
Process Access1.0
File Creation1.0
File Modification1.0
File Deletion1.0
DNS Query1.0
TCP Connection1.0
Remote Thread1.0
File Renaming0.7
Account Login0.7
Process Termination0.5
Account Logoff0.4
Final Score Calculation
Total Score = Σ (Status Value × Feature Weight)
The final score represents the weighted sum of all features, providing a comprehensive evaluation of each EDR solution's telemetry capabilities.
To calculate the score:
- For each telemetry feature (sub-category), we determine the implementation status (Yes, Partially, Via EventLogs, etc.)
- The status is converted to a numerical value according to the status table
- This value is multiplied by the weight assigned to that feature category
- All weighted values are summed to produce the final score
This methodology ensures that more critical telemetry capabilities have a greater impact on the overall score, providing a fair and accurate comparison between different EDR solutions.