New script that contains an algorithm to score EDRs of this project #61
Summary
Credits go to SolitudePy for creating the core of this script. I made some slight changes to it.
This script evaluates and scores Endpoint Detection and Response Solutions based on their capabilities. It reads data from the main JSON file (EDR_telem.json), which contains information about various EDRs and their features. The script then calculates a score for each EDR based on the presence and absence of certain features, as well as the category of the feature.
The scoring logic is as follows:
Each feature and category is assigned a weight in the FEATURES_DICT_VALUED and CATEGORIES_VALUED dictionaries. The weights represent the importance of the feature or category. For example, a feature with a weight of 1 is considered more important than a feature with a weight of 0.5.
The script iterates over the EDR data, and for each EDR, it multiplies the weight of each feature by the weight of its category. This product is then added to the EDR's total score. If a feature is absent in an EDR, its weight is considered 0.
The final score for each EDR is rounded to two decimal places for readability.
This scoring algorithm allows us to quantitatively compare different EDRs based on their capabilities. The higher the score, the more capable the EDR is. The weights can be adjusted as needed to reflect changes in the importance of different features or categories.
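The scoring logic described above, as an added example that is not part of the pull request or the project's script. It assumes that `FEATURES_DICT_VALUED` maps a feature's support status to a weight and that the JSON holds one row per feature with one key per EDR; the weights, column names, EDR names and sample rows are constructed for illustration.

```python
import json

# Assumed weights, constructed for this example (not the project's real values).
FEATURES_DICT_VALUED = {"Yes": 1.0, "Partially": 0.5, "No": 0.0}
CATEGORIES_VALUED = {"Process Activity": 1.0, "Registry Activity": 0.5}

# Constructed sample in an assumed layout: one row per feature, one key per EDR.
SAMPLE_JSON = """[
 {"Category": "Process Activity", "Feature": "Process Creation", "EDR-A": "Yes", "EDR-B": "Yes"},
 {"Category": "Process Activity", "Feature": "Process Tampering", "EDR-A": "Partially", "EDR-B": "No"},
 {"Category": "Registry Activity", "Feature": "Key Modified", "EDR-A": "No", "EDR-B": "Yes"},
 {"Category": "Registry Activity", "Feature": "Key Deleted", "EDR-B": "Partially"}
]"""
META_KEYS = {"Category", "Feature"}  # hypothetical column names


def score_edrs(rows, feature_weights, category_weights):
    """Sum feature weight x category weight per EDR, rounded to two decimals."""
    edrs = sorted({key for row in rows for key in row} - META_KEYS)
    totals = dict.fromkeys(edrs, 0.0)
    for row in rows:
        if row["Category"] not in category_weights:
            raise ValueError(f"no weight for category {row['Category']!r}")
        cat_weight = category_weights[row["Category"]]
        for edr in edrs:
            status = row.get(edr, "No")  # feature absent for this EDR: weight 0
            if status not in feature_weights:
                # Fail loudly instead of silently scoring a typo as 0.
                raise ValueError(f"unknown status {status!r} for {edr}")
            totals[edr] += feature_weights[status] * cat_weight
    return {edr: round(total, 2) for edr, total in totals.items()}


def rank(scores):
    """EDR names ordered from highest to lowest score."""
    return sorted(scores, key=scores.get, reverse=True)


if __name__ == "__main__":
    rows = json.loads(SAMPLE_JSON)
    scores = score_edrs(rows, FEATURES_DICT_VALUED, CATEGORIES_VALUED)
    print(scores, rank(scores))
    # Lowering one category weight is enough to change the ranking.
    reweighted = {**CATEGORIES_VALUED, "Registry Activity": 0.1}
    print(rank(score_edrs(rows, FEATURES_DICT_VALUED, reweighted)))
```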