Forum Discussion

msef280
Copper Contributor
Feb 02, 2022

Rule To Detect Ransomware

Hi,


I am trying to build a rule to detect ransomware. I was following the rule "Advanced multistage attack detection", but it looks like most of the log sources it has come from Microsoft products, although it does have something called "Raw logs from other sources". So does it mean that it will analyze all other data that is coming into my environment? We will be doing a ransomware simulation, so I want to create a rule to observe in Sentinel so that when the simulation starts, I can track unusual activity.


Any suggestions would be appreciated.

    • msef280
      Copper Contributor
      Hi Gary,

      Yes, I saw this one and modified it too, but as you mentioned it is a more MS-specific rule. So basically we will be doing one ransomware simulation, so when that exercise happens, I want to set up something which will detect the activity.
