Update EDR_telem_linux.json - Uptycs Service Telemetry

[joshlemon]

EDR Telemetry Pull Request

Contribution Details

Telemetry Validation

For reference, this was a previous submission #149, which has since been updated in the Uptycs platform.

Run the following search in Uptycs using the dbus_events table:

select * from dbus_events where member in ('DisableUnitFiles','EnableUnitFiles') limit 100

The above search produces the following output in Uptycs:

Documentation or Evidence:

• Official documentation (link: )
• Screenshots attached
• Sanitized logs provided
• Private documentation (will share confidentially)

Type of Contribution

• Adding telemetry information for an existing EDR product
• Adding a new EDR product that meets eligibility criteria
• Proposing new event categories/sub-categories
• Documentation improvement
• Tool enhancement

Validation Details

EDR Product Information

• EDR Product Name: Uptycs
• EDR Version: 5.21
• Operating System(s) Tested: Linux

Testing Methodology

Running the provided Linux Telemetry script on a Linux host and reviewing data in the Uptycs platform.

python3 lnx_telem_gen.py ServiceManagement

Additional Notes

[tsale]

Hey @joshlemon - this captures enable/disable via systemd, which is just startup config, not creation or deletion of the service itself. Please correct me if I'm wrong.

[joshlemon]

Hey @tsale, this is capturing the Service Creation (EnableUnitFiles) via dbus from the test script, and the Disabling (DisableUnitFiles) of the Service from the test script.

You're correct; this submission doesn't capture the service's start or its stopping.

[joshlemon]

@tsale, would the capturing of a new .service file being written to disk and the actual deletion of that file be accepted for this telemetry as well?