Closed: ceramicskate0 closed this issue 6 years ago
It's in there, but I'm not sure how to introduce end users to it yet and send it to a log collector/SIEM. Ideas?
Endpoint does a VT lookup, and if 1 is found malicious, send to the SIEM??? Issue with security of the API key...
Add true/false to the central app config file for VirusTotal lookups (need API key) (and API key secure storage for the app).
UNABLE TO SUPPORT THIS FEATURE ON ALMOST ALL ENVIRONMENTS WITH THE CURRENT APP SECURITY MODULE. NOT GOING TO IMPLEMENT.
Extract IPs and file hashes in the app algo, deal with config issues to turn features on and off, what to do with log data, and pull from more than the Sysmon log type.
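The notes above sketch a pipeline: pull file hashes and IPs out of Sysmon events, gate VirusTotal lookups behind a true/false setting in the app config, keep the API key out of that config, and forward to the SIEM only when VT reports at least one malicious verdict. The following is an added example of that pipeline written for this thread; it is not the project's own code (the project is not named on the page), and Python is an assumption, as are the `Field: value` message layout used for the constructed sample events, the `VT_API_KEY` environment variable name, the `virustotal_lookups` / `malicious_threshold` config keys, and the injectable `lookup` callable. The sample hashes are those of the EICAR test file, not a real detection.

```python
"""Added example (not the project's code): Sysmon IOC extraction with a
config-gated VirusTotal lookup and a SIEM hand-off on >= N malicious verdicts."""
import json
import os
import re
import urllib.error
import urllib.request

# Constructed sample events (assumption: the "Field: value" text layout that
# Sysmon renders in the event message body). Hashes are the EICAR test file's.
SAMPLE_EVENTS = [
    {"EventID": 1,
     "Message": "Process Create:\nImage: C:\\Users\\bob\\Downloads\\invoice.exe\n"
                "Hashes: MD5=44D88612FEA8A8F36DE82E1278ABB02F,"
                "SHA256=275A021BBFB6489E54D471899F7DB9D1663FC695EC2FE2A2C4538AABF651FD0F"},
    {"EventID": 3,
     "Message": "Network connection detected:\nImage: C:\\Windows\\System32\\svchost.exe\n"
                "SourceIp: 10.0.0.5\nDestinationIp: 203.0.113.7\nDestinationPort: 443"},
]

HASH_RE = re.compile(r"\b(MD5|SHA1|SHA256|IMPHASH)=([0-9A-Fa-f]+)")
IP_RE = re.compile(r"\b(?:Source|Destination)Ip:\s*(\S+)")


def extract_iocs(event):
    """Return ({algo: hash}, [ips]) found in one Sysmon event message."""
    msg = event["Message"]
    hashes = {algo.lower(): val.lower() for algo, val in HASH_RE.findall(msg)}
    ips = IP_RE.findall(msg)
    return hashes, ips


def load_api_key():
    """Assumption: the key lives in an env var (or a secrets store), never in
    the shared config file, which every reader of that file could copy."""
    key = os.environ.get("VT_API_KEY")
    if not key:
        raise RuntimeError("VT_API_KEY not set; refusing to run VT lookups")
    return key


def vt_lookup_http(sha256, api_key):
    """Real VT API v3 file lookup; returns the count of engines saying malicious.
    An unknown hash is a 404 from VT and is treated as 0 verdicts."""
    req = urllib.request.Request(
        "https://www.virustotal.com/api/v3/files/" + sha256,
        headers={"x-apikey": api_key})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            data = json.load(resp)
    except urllib.error.HTTPError as err:
        if err.code == 404:
            return 0
        raise
    return data["data"]["attributes"]["last_analysis_stats"]["malicious"]


def process_events(events, config, lookup=None):
    """Extract IOCs, run VT lookups only if the config flag is on, and mark
    records that cross the malicious threshold as SIEM alerts.
    `lookup` is injectable so the lookup can be centralised or faked in tests."""
    do_lookup = bool(config.get("virustotal_lookups", False))
    threshold = int(config.get("malicious_threshold", 1))
    if do_lookup and lookup is None:
        api_key = load_api_key()
        lookup = lambda h: vt_lookup_http(h, api_key)
    records = []
    for ev in events:
        hashes, ips = extract_iocs(ev)
        rec = {"event_id": ev["EventID"], "hashes": hashes, "ips": ips,
               "vt_malicious": None, "alert": False}
        sha256 = hashes.get("sha256")
        if do_lookup and sha256:
            rec["vt_malicious"] = lookup(sha256)
            rec["alert"] = rec["vt_malicious"] >= threshold
        records.append(rec)
    return records


def to_siem_lines(records, only_alerts=True):
    """Serialise records as JSON lines for the collector; the API key is never
    part of a record, so it cannot leak through the log path."""
    return [json.dumps(r, sort_keys=True)
            for r in records if r["alert"] or not only_alerts]


if __name__ == "__main__":
    cfg = {"virustotal_lookups": False}  # flip to True with VT_API_KEY set
    for line in to_siem_lines(process_events(SAMPLE_EVENTS, cfg), only_alerts=False):
        print(line)
```

The `lookup` parameter is the knob that addresses the API-key concern in the thread: with the flag on and no callable supplied, the endpoint does the lookup itself and therefore needs the key; supplying a callable that asks a central service instead keeps the key off every endpoint and lets one place handle VT rate limits and caching of already-seen hashes.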