From 1f57b3ae7a49d0fa2b3aa625ef400e642e31bf79 Mon Sep 17 00:00:00 2001
From: tsale
Date: Thu, 6 Nov 2025 13:43:26 -0800
Subject: [PATCH] feat: enable CrowdStrike telemetry support for three additional Linux events
---
 EDR_telem_linux.json | 10 +++++-----
 partially_value_explanations_linux.json | 6 +++---
 2 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/EDR_telem_linux.json b/EDR_telem_linux.json
index ef3e485..26d6b55 100644
--- a/EDR_telem_linux.json
+++ b/EDR_telem_linux.json
@@ -226,7 +226,7 @@
 "Auditd":"No",
 "BitDefender":"Yes",
 "Carbon Black Cloud":"No",
- "CrowdStrike":"No",
+ "CrowdStrike":"Yes",
 "ESET Inspect":"No",
 "Elastic":"No",
 "Harfanglab":"No",
@@ -260,7 +260,7 @@
 "Auditd":"No",
 "BitDefender":"No",
 "Carbon Black Cloud":"No",
- "CrowdStrike":"No",
+ "CrowdStrike":"Yes",
 "ESET Inspect":"No",
 "Elastic":"No",
 "Harfanglab":"No",
@@ -277,7 +277,7 @@
 "Auditd":"Yes",
 "BitDefender":"No",
 "Carbon Black Cloud":"No",
- "CrowdStrike":"No",
+ "CrowdStrike":"Yes",
 "ESET Inspect":"Yes",
 "Elastic":"No",
 "Harfanglab":"No",
@@ -379,7 +379,7 @@
 "Auditd":"No",
 "BitDefender":"No",
 "Carbon Black Cloud":"No",
- "CrowdStrike":"No",
+ "CrowdStrike":"Partially",
 "ESET Inspect":"No",
 "Elastic":"No",
 "Harfanglab":"No",
@@ -396,7 +396,7 @@
 "Auditd":"No",
 "BitDefender":"No",
 "Carbon Black Cloud":"No",
- "CrowdStrike":"No",
+ "CrowdStrike":"Partially",
 "ESET Inspect":"No",
 "Elastic":"No",
 "Harfanglab":"No",
diff --git a/partially_value_explanations_linux.json b/partially_value_explanations_linux.json
index 1c78b14..fbf69b5 100644
--- a/partially_value_explanations_linux.json
+++ b/partially_value_explanations_linux.json
@@ -313,7 +313,7 @@
 "SentinelOne (Complete)":"",
 "Qualys":"",
 "Uptycs":"",
- "CrowdStrike":"",
+ "CrowdStrike":{"Partially":"Service-related events generated via D-Bus calls (as implemented in the test script for creating, modifying, and deleting services) are not visible in the console. This suggests CrowdStrike may not be fully monitoring systemd operations through D-Bus interfaces."},
 "Sysmon":"",
 "LimaCharlie":"",
 "MDE":{"Partially":"Only available through the timeline. Not searchable in a query."},
@@ -327,7 +327,7 @@
 "SentinelOne (Complete)":"",
 "Qualys":"",
 "Uptycs":"",
- "CrowdStrike":"",
+ "CrowdStrike":{"Partially":"Service-related events generated via D-Bus calls (as implemented in the test script for creating, modifying, and deleting services) are not visible in the console. This suggests CrowdStrike may not be fully monitoring systemd operations through D-Bus interfaces."},
 "Sysmon":"",
 "LimaCharlie":"",
 "MDE":"",
@@ -341,7 +341,7 @@
 "SentinelOne (Complete)":"",
 "Qualys":"",
 "Uptycs":"",
- "CrowdStrike":"",
+ "CrowdStrike":{"Partially":"Service-related events generated via D-Bus calls (as implemented in the test script for creating, modifying, and deleting services) are not visible in the console. This suggests CrowdStrike may not be fully monitoring systemd operations through D-Bus interfaces."},
 "Sysmon":"",
 "LimaCharlie":"",
 "MDE":"",
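Review bot: The CrowdStrike explanation added in the hunk at -313 states only the gap (service events driven through D-Bus calls are not visible in the console) and never says which service operations did produce telemetry, so a reader sizing detection coverage cannot tell why the value is "Partially" rather than "No". The identical text is repeated in the hunks at -327 and -341, and the same applies there. I would open each string with the covered path, for example `"Partially":"Service events are recorded when <path that did produce events in testing>; events generated via D-Bus calls (...) are not visible in the console."`, with the placeholder filled in from the test run. The key naming the event sits above each hunk, so whether one sentence fits all three entries has to be checked against the full file.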
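Review bot: This file gains three CrowdStrike "Partially" explanations (the hunk at -341 plus those at -313 and -327), but EDR_telem_linux.json in the same patch sets CrowdStrike to "Partially" in only two rows (hunks at -379 and -396); its other three changes are to "Yes". Unless the third row already carried "Partially" before this commit, which the diff does not show, one explanation describes a visibility gap for an event whose matrix value reads "Yes" or "No", and anyone relying on the matrix alone will misjudge coverage for that event. The event keys lie outside every hunk, so the rows cannot be paired from here. Please confirm which event each explanation belongs to, then either set the matching row to `"CrowdStrike":"Partially",` or reset the extra entry to `"CrowdStrike":"",`.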