Format of the events contained in telemetry data

Advanced EDR monitors the processes that run on customer computers and sends the generated telemetry data to the Cytomic cloud. Specialized threat hunters use this data to detect indicators of attack (IOA) on customer IT resources.

Telemetry data is stored in events which consist of several fields. Analysts must understand the meaning of each of these fields to correctly interpret event information.

The information about the event that triggered the IOA is available in JSON format on the IOA details page, as well as in the attack graphs. For more information about the IOA detection module, see Indicators of attack settings.

You can also access the full telemetry data generated by a computer on the Investigation tab on the computer details page. See Investigation section (5).

For more information about the types of events, see Fields in the Events Received by Cytomic Orion.