This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

Anomaly detection based on never seen events

Posted on 03-08-2025 12:47 AM
Lello
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

Hi,

im currently trying to create a rule that checks if a match was also matched in the previous days to detect anomalies but I haven't been able to define two different timeframes in which to run the rule yet.
Example: the rule runs on the last 5 days, the only events that must generate the final match are those that in the days from -5 to -1 had never happened and from -1 to now have happened. so I will exclude the events that happened both today ( -1 to now ) and in the past days ( -5 to -1 ).

Thanks in advance.

Daniele.

0 1 289
0 Likes
1 REPLY 1

Posted on --/--/---- --:-- AM
kentphelps
Staff
Reply posted on --/--/---- --:-- AM

Take a look at the following previous Community postings for some guidance
assistance in YARA rule
help with Query

0 Likes
Top Solution Authors
View all