Hurence / logisland

Scalable stream processing platform for advanced real-time analytics on top of Kafka and Spark. LogIsland also supports MQTT and Kafka Streams (Flink is on the roadmap). The platform does complex event processing and is suitable for time series analysis. A large set of valuable ready-to-use processors, data sources and sinks is available.
https://logisland.github.io

add a detection of ransomware (encrypting disk) and action generator to isolate machine #170

Open lhubert opened 7 years ago

lhubert commented 7 years ago

Expected behavior and actual behavior.

Steps to reproduce the problem.

Specifications like the version of the project, operating system, or hardware.

oalam commented 7 years ago

Could you please provide some detection strategies or some web links to help specify the feature?

lhubert commented 7 years ago

This URL gives some interesting hints for detecting ransomware (huge amount of file activity, renamings, etc.): https://www.netfort.com/blog/methods-for-detecting-ransomware-activity/
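One shape the requested detector could take, as an added illustration that is not code from this issue or from LogIsland: a sliding-window counter over file-activity events that flags a host whose rename/modify rate inside a short window crosses a threshold and emits an "isolate host" action once per host. The log line format, host names, window size and threshold are constructed assumptions for the example.

```python
from collections import defaultdict, deque

# Constructed sample file-activity log, one event per line:
#   <epoch_seconds> <host> <operation> <path>
# ws-01 shows ordinary spaced-out edits; ws-07 renames 60 files in ~5 seconds.
SAMPLE_LOG = "\n".join(
    [f"{1000 + i * 7} ws-01 modify /home/alice/doc{i}.txt" for i in range(6)]
    + [f"{1100 + i // 10} ws-07 rename /home/bob/file{i}.docx.locked" for i in range(60)]
)


def parse_line(line):
    """Split one log line into (timestamp, host, operation, path)."""
    ts, host, op, path = line.split(" ", 3)
    return int(ts), host, op, path


class FileActivityDetector:
    """Per-host sliding window: too many rename/modify operations within
    `window_sec` seconds is treated as possible bulk-encryption activity."""

    def __init__(self, window_sec=10, threshold=50, watched_ops=("rename", "modify")):
        self.window_sec = window_sec
        self.threshold = threshold
        self.watched_ops = set(watched_ops)
        self._windows = defaultdict(deque)  # host -> timestamps of recent watched ops
        self.alerted = set()                 # hosts already flagged (one action per host)

    def process(self, ts, host, op, path):
        """Feed one event; return an action dict when the threshold is crossed, else None."""
        if op not in self.watched_ops:
            return None
        window = self._windows[host]
        window.append(ts)
        while window and ts - window[0] > self.window_sec:  # evict events older than the window
            window.popleft()
        if len(window) >= self.threshold and host not in self.alerted:
            self.alerted.add(host)
            return {"action": "isolate_host", "host": host,
                    "ops_in_window": len(window), "last_path": path}
        return None


def run(log_text, **kwargs):
    """Replay a log through the detector and return the list of generated actions."""
    detector = FileActivityDetector(**kwargs)
    actions = []
    for line in log_text.splitlines():
        action = detector.process(*parse_line(line))
        if action:
            actions.append(action)
    return actions


if __name__ == "__main__":
    for action in run(SAMPLE_LOG):
        print(action)
```

In a real pipeline the action record would be handed to a sink that triggers the network isolation, while the host with ordinary activity (ws-01 above) never reaches the threshold.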