Forum Discussion
msef280
Feb 02, 2022 Copper Contributor
Rule To Detect Ransomware
Hi, I am trying to build a rule to detect ransomware. I was following the rule "Advanced multistage attack detection" but most of the log sources it has coming from Microsoft products look like a...
GaryBushey
Feb 03, 2022 Bronze Contributor
Not sure if you have seen this article but it does appear that the Fusion for Ransomware is pretty much limited to MS Security products: https://docs.microsoft.com/en-us/azure/sentinel/fusion
msef280
Feb 08, 2022 Copper Contributor
Hi Gary,
Yes, I saw this one & modified it too, but as you mentioned it is a more MS-specific rule. So basically we will be doing one ransomware simulation, so when that exercise happens, I want to set up something which will detect the activity.