At this time there is a lack of information on what exactly is meant by the subparts of Elastic Defend:
https://www.elastic.co/guide/en/security/master/configure-endpoint-integration-policy.html#event-collection
We should add some more information on what exactly we mean by Event collection. What does that mean from an Endpoint perspective?
I would review the following subparts as a first start:
Especially for the latter, what does e.g. a File Event mean under Windows, Linux, or macOS respectively?
^^ @jmikell821