D4 · Operations

What is security telemetry?

Security telemetry is the data collected from endpoints, networks, and applications for security monitoring — process execution, network connections, file changes, authentication events.
More telemetry generally means better detection coverage, but it also means more storage and analysis cost, so sources have to be prioritized by signal-to-noise ratio. Highest value: authentication logs, network traffic metadata, process execution, and DNS queries. Lower value: routine system calls and disk I/O, which are high-volume and rarely decisive on their own.