diff --git a/EDR_telem_linux.json b/EDR_telem_linux.json
index 26d6b55..20a3caf 100644
--- a/EDR_telem_linux.json
+++ b/EDR_telem_linux.json
@@ -401,7 +401,7 @@
 "Elastic":"No",
 "Harfanglab":"No",
 "LimaCharlie":"Yes",
- "MDE":"No",
+ "MDE":"Partially",
 "Qualys":"No",
 "SentinelOne":"Yes",
 "Sysmon":"Yes",
diff --git a/EDR_telem_windows.json b/EDR_telem_windows.json
index ddaf683..90cf00a 100644
--- a/EDR_telem_windows.json
+++ b/EDR_telem_windows.json
@@ -1209,7 +1209,7 @@
 "FortiEDR":"Yes",
 "Harfanglab":"Yes",
 "LimaCharlie":"Yes",
- "MDE":"Via EventLogs",
+ "MDE":"Yes",
 "OpenEDR":"Yes",
 "PadvishXDR":"Yes",
 "Qualys":"Yes",
diff --git a/partially_value_explanations_linux.json b/partially_value_explanations_linux.json
index fbf69b5..25855f5 100644
--- a/partially_value_explanations_linux.json
+++ b/partially_value_explanations_linux.json
@@ -330,7 +330,7 @@
 "CrowdStrike":{"Partially":"Service-related events generated via D-Bus calls (as implemented in the test script for creating, modifying, and deleting services) are not visible in the console. This suggests CrowdStrike may not be fully monitoring systemd operations through D-Bus interfaces."},
 "Sysmon":"",
 "LimaCharlie":"",
- "MDE":"",
+ "MDE":{"Partially":"Only available through the timeline. Not searchable in a query."},
 "Elastic":"",
 "Auditd":"",
 "Carbon Black Cloud":""
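Review bot: In EDR_telem_windows.json (hunk at -1209), replacing `"MDE":"Via EventLogs"` with `"MDE":"Yes"` drops the only indication that this telemetry was obtained from Windows event logs rather than from the sensor's own events, and nothing visible in the commit supports the upgrade. The row's key is outside the hunk, so which event type this concerns cannot be checked from here. If the data still arrives through event-log collection, `"MDE":"Via EventLogs"` should stay, because readers use that qualifier to judge whether the signal depends on the host's audit policy and log configuration. If it is now collected natively, naming the event that was observed in the commit message would let the value be verified.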
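Review bot: The MDE explanation added in partially_value_explanations_linux.json (hunk at -330), `"Only available through the timeline. Not searchable in a query."`, does not say which operations were actually observed, whereas the CrowdStrike entry in the same object names creating, modifying and deleting services. That distinction matters to detection engineers, since events that appear only in a timeline can support triage of one host but presumably cannot back a hunting query or a query-based rule. A more explicit wording would be `"MDE":{"Partially":"Events are visible only in the device timeline and are not returned by hunting queries."},`, ideally extended with the operations that were tested. The row key is outside both Linux hunks, so the pairing of this entry with the `"MDE":"Partially"` change in EDR_telem_linux.json is inferred rather than visible.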