Ransomware Monitoring

Question

Curious if anyone is leveraging LM for first line Ransomware detection. Reading indicators typically include a high number of file name changes on the server/PC. Seems like that would be something that LM could help us identify early on and alert out to take action before additional servers are compromised. Looks like a working number is about 4 renames a second for the threshold.

Thanks,

Mitch

Thanks,

Mitch

john_certeza · Answer

Mitchel, if your monitoring Windows Systems for ransomware, you could likely adapt the FSRM script linked here and trigger alerts on a file monitor or such?&nbsp; https://fsrm.experiant.ca/

Forum Discussion

Ransomware Monitoring

1 Reply

Related Content

Process monitoring (Linux)

Process Monitoring

Meraki monitoring within Logic Monitor

Aruba Central Monitoring?

Process Monitoring Batch Script

Recent Discussions

Dashboard Sharing – An Inline Framing Method

2021-12-15 US Office Hours

Live Training - Tuning Datapoints and Alerts - 15th JUNE 2022 - APAC

Live Training - Introduction to Dashboards - 18th MAY 2022 - APAC

2022-05-11- APAC Product Overview -Collectors, Resources/Groups, Dashboards