Forum Discussion
AnalystGuy
Nov 05, 2020, Copper Contributor
Hunting for deletion events
I was reading about a ransomware strain that deletes any folder called "System Volume Information" in an effort to prevent recovery, so I went to set up a hunting query or detection for that event. B...
AnalystGuy
Dec 01, 2020, Copper Contributor
Thijs Lecomte I've looked through the schema and scoured existing events but can't find anything. While I respect the power of Sysmon, I'm not at an organization with the resources to realistically collect Sysmon logs from every endpoint.
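One way to get a deletion signal for "System Volume Information" without deploying Sysmon is to use the auditing Windows already ships: put a SACL on the folder so any DELETE access is written to the Security log as event 4663, then hunt those events. The script below is an added example written for this thread, not code from either poster. It assumes it is run elevated (the SACL step needs SYSTEM-level access, for example via `psexec -s`, because only SYSTEM has rights on that folder by default), that the "File System" audit subcategory can be enabled, and that the Security log is available locally or via forwarding. Event ID 4663, its field names and the DELETE access bit (0x10000) are Windows constants; the function names are mine.

```powershell
# Added example: hunt "System Volume Information" deletions with native object-access auditing.
# Assumptions: run as SYSTEM/Administrator, "File System" auditing enabled, Security log reachable.

$DeleteMask = 0x10000   # DELETE standard access right as it appears in the 4663 AccessMask field

function Enable-SviDeleteAudit {
    # 1. Turn on object-access auditing for the File System subcategory (success and failure).
    auditpol /set /subcategory:"File System" /success:enable /failure:enable | Out-Null

    # 2. Add an inheritable audit ACE on every fixed drive's "System Volume Information" folder
    #    so that any DELETE attempt on the folder or its contents generates event 4663.
    foreach ($drive in [System.IO.DriveInfo]::GetDrives()) {
        if ($drive.DriveType -ne 'Fixed') { continue }
        $path = Join-Path $drive.RootDirectory.FullName 'System Volume Information'
        if (-not (Test-Path -LiteralPath $path)) { continue }

        $acl  = Get-Acl -LiteralPath $path -Audit
        $rule = New-Object System.Security.AccessControl.FileSystemAuditRule(
            'Everyone',
            'Delete,DeleteSubdirectoriesAndFiles',
            'ContainerInherit,ObjectInherit',
            'None',
            'Success,Failure')
        $acl.AddAuditRule($rule)
        Set-Acl -LiteralPath $path -AclObject $acl
    }
}

function Find-SviDeleteEvents {
    # Return 4663 events where the object sits under "System Volume Information"
    # and the requested access included DELETE. Default window: last 24 hours.
    param([datetime]$Since = (Get-Date).AddDays(-1))

    Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4663; StartTime = $Since } -ErrorAction SilentlyContinue |
    ForEach-Object {
        # Flatten the EventData <Data Name="..."> elements into a hashtable.
        $xml  = [xml]$_.ToXml()
        $data = @{}
        foreach ($node in $xml.Event.EventData.Data) { $data[$node.Name] = $node.'#text' }

        [pscustomobject]@{
            Time       = $_.TimeCreated
            Computer   = $_.MachineName
            User       = "$($data['SubjectDomainName'])\$($data['SubjectUserName'])"
            Process    = $data['ProcessName']
            Object     = $data['ObjectName']
            AccessMask = [int]$data['AccessMask']   # "0x10000" string converts to 65536
        }
    } |
    Where-Object {
        $_.Object -like '*\System Volume Information*' -and
        ($_.AccessMask -band $DeleteMask) -ne 0
    }
}

# Usage: run Enable-SviDeleteAudit once per endpoint (e.g. via GPO startup script or psexec -s),
# then hunt with Find-SviDeleteEvents | Format-Table Time, Computer, User, Process, Object
```

Two caveats worth knowing before rolling this out: the audit ACE only fires on endpoints where it has been set, so apply it through GPO or a startup script rather than by hand, and a noisy "Everyone" audit rule on a folder that backup and VSS components touch legitimately will need tuning on the `Process` field (for example, allow-listing the Windows backup and VSS binaries) once you see real data.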
Thijs Lecomte
Dec 05, 2020, Bronze Contributor
I understand your pain...
I would recommend relying on MDfE solely then.
The EDR capability should be smart enough to detect most attacks