Forum Discussion

eladfe
Copper Contributor
Feb 15, 2022

Detection Rule That Alerts on Specific Software

Hey,

Is there an option to create a detection rule that alerts on specific software that is installed on devices?

I want to get only new alerts; I don't want a summary of all devices with this software.

Thank you.

  • I would love to see an answer here. I have been working on this also, and short of using ARC to forward install events from the endpoints (which we can't do now), I haven't found a good way to do this.

  • jbmartin6
    Iron Contributor
    You could make an alert for file creation events for the files specific to the software you want to watch.
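
The approach suggested in the last reply, combined with the original poster's wish for new alerts only, as an added example that is not part of the thread: it matches file-creation events against a watch list and alerts once per device and software pair. The event format, device names, software name and file names are constructed assumptions, not a real product schema.

```python
from datetime import datetime

# Hypothetical watch list: software name -> file names that exist only once it is installed.
WATCHED = {"ExampleTool": {"exampletool.exe", "exampletool_service.exe"}}

# Constructed sample file-creation events: (timestamp, device, full path).
EVENTS = [
    ("2022-02-14T09:00:00", "PC-01", r"C:\Program Files\ExampleTool\ExampleTool.exe"),
    ("2022-02-15T08:30:00", "PC-02", r"C:\Program Files\ExampleTool\exampletool.exe"),
    ("2022-02-15T08:30:05", "PC-02", r"C:\Program Files\ExampleTool\exampletool_service.exe"),
    ("2022-02-15T10:00:00", "PC-01", r"C:\Users\a\Downloads\notes.txt"),
    ("2022-02-15T11:00:00", "PC-01", r"C:\Program Files\ExampleTool\EXAMPLETOOL.EXE"),
]

def match_software(path):
    """Return the watched software a created file belongs to, or None."""
    # Windows paths are case-insensitive, so compare the lowercased file name.
    name = path.replace("/", "\\").rsplit("\\", 1)[-1].lower()
    for software, files in WATCHED.items():
        if name in files:
            return software
    return None

def new_install_alerts(events, already_alerted, since):
    """Alert once per (device, software); skip events before `since` and known pairs."""
    alerts = []
    for ts, device, path in sorted(events):
        software = match_software(path)
        if software is None or datetime.fromisoformat(ts) < since:
            continue
        key = (device, software)
        if key in already_alerted:
            continue  # several files of one install, or a reinstall: no repeat alert
        already_alerted.add(key)
        alerts.append({"time": ts, "device": device, "software": software, "path": path})
    return alerts

if __name__ == "__main__":
    seen = {("PC-01", "ExampleTool")}  # PC-01 was already alerted on in an earlier run
    for alert in new_install_alerts(EVENTS, seen, datetime(2022, 2, 15)):
        print(alert)
```

Persisting `already_alerted` between runs is what turns a recurring inventory-style summary into one alert per new installation.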
