This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Announcements
Webinar May 29th: Log Ingestion: Bindplane + Google SecOps
Log in to ask a question

SIEM rule to detect encryption

Posted on 10-27-2023 05:54 AM
ev13
Bronze 2
Bronze 2
Reply posted on --/--/---- --:-- AM

anyone here tried creating a rule that was able to capture encryption in a host,

I would like to get some ideas on how you do it,

0 2 336
Topic Labels
0 Likes
2 REPLIES 2

Posted on --/--/---- --:-- AM
manthavish
Staff
Reply posted on --/--/---- --:-- AM

I think some more information is needed before a suggestion can be made. What log types are being sent from the host ? And what in those logs can help determine if encryption is present ? If we can answer this, a suitable rule can be created. 

Hope this helps

0 Likes

Posted on --/--/---- --:-- AM
AymanC
Silver 3
Silver 3
Reply posted on --/--/---- --:-- AM

As mentioned above, more information is needed. But at face value, if you know the encryption algorithm you can regex match an event for it.

0 Likes
Top Solution Authors
View all