Forum Discussion
eladfe
Feb 15, 2022Copper Contributor
Detection Rule That alert on specific software
hay
is there an option to create a detection rule that alert on specific software that installed on devices ?
I want to get only new alerts , i don't want summary of all devices with this software.
thank you.
- Chris_Orr_-_OgletreeCopper Contributor
I would love to see an answer here. I have been working on this also and short of using ARC to forward install events from the endpoints (which we can't do now) I haven't found a good way to do this.
- jbmartin6Iron ContributorYou could make an alert for file creation events for the files specific to the software you want to watch.