Rule To Detect Ransomware

msef280 · ‎Feb 02 2022

Hi,

I am trying to build a rule to detect ransomware. I was following the rule "Advanced multistage attack detection" but most of the log sources it has coming from Microsoft products look like although it does have something called "Raw logs from other sources" so does it mean that it will analyze all other data that is coming in my environment? We will be doing a ransomware simulation so I want to create a rule to observe on Sentinel so when the simulation starts, I can track unusual activity.

Any suggestion would be appreciated.

Gary Bushey · ‎Feb 03 2022

Not sure if you have seen this article but it does appear that the Fusion for Ransomware is pretty much limited to MS Security products: https://docs.microsoft.com/en-us/azure/sentinel/fusion

msef280 · ‎Feb 08 2022

Hi Gary,

Yes I saw this one & modified it too but as you mentioned it is more MS specific rule. Son basically we will be doing one ransomware simulation so when that exercise happens, I want tom setup something which will detect the activity.

Rule To Detect Ransomware

Rule To Detect Ransomware

Re: Rule To Detect Ransomware

Re: Rule To Detect Ransomware

Products (50)

Special Topics (27)

Video Hub (462)

Most Active Hubs

Most Active Hubs

Video Hub

Rule To Detect Ransomware