I published the following diary on isc.sans.edu: “Hunting for Suspicious Processes with OSSEC”:
Here is a quick example of how OSSEC can be helpful for threat hunting. OSSEC is a free security monitoring tool and log management platform with many features for detecting malicious activity on a live system, such as the rootkit detection and syscheck modules. Here is an example of rules that can be deployed to track malicious processes running on a host (it can be seen as an extension of the existing rootkit detection features). What do I mean by malicious processes? Think about crypto miners. There are plenty of suspicious processes that can be extracted from malicious scripts… [Read more]
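The kind of rule set the diary refers to, as an added illustration rather than the diary's own configuration: the agent runs a `ps` command on a schedule through OSSEC's `full_command` log format, the command output is matched by the stock parent rule for command output (rule 530 in the default rule set, assumed here), and a local rule raises an alert when a process name from a constructed watch list of miner binaries appears. The rule ids in the local range, the 60-second frequency and the process names are assumptions chosen for this example.

```xml
<!-- Agent side: ossec.conf on the monitored host (added example, not from the diary).
     Collect the full process list every 60 seconds and ship it as one event. -->
<ossec_config>
  <localfile>
    <log_format>full_command</log_format>
    <command>ps -eo user,pid,ppid,comm,args --no-headers</command>
    <frequency>60</frequency>
  </localfile>
</ossec_config>

<!-- Manager side: rules/local_rules.xml (added example).
     Rule ids 100200-100202 are in the range reserved for local rules. -->
<group name="ossec,process_monitoring,">

  <!-- Silent parent: only fires for the output of our ps command.
       Rule 530 is the stock "ossec: output:" command-output rule (assumption). -->
  <rule id="100200" level="0">
    <if_sid>530</if_sid>
    <match>^ossec: output: 'ps -eo user,pid,ppid,comm,args</match>
    <description>Process list collected from agent.</description>
  </rule>

  <!-- Alert when a known miner binary name shows up anywhere in the list.
       Names are a constructed watch list; extend it with what you see in
       malicious scripts on your own hosts. -->
  <rule id="100201" level="12">
    <if_sid>100200</if_sid>
    <regex>xmrig|minerd|cpuminer|kdevtmpfsi|kinsing</regex>
    <description>Suspicious process (possible crypto miner) running on host.</description>
    <group>malware,</group>
  </rule>

  <!-- Alert on the typical miner command-line markers even if the binary was renamed:
       a stratum pool URL or the usual wallet/threads flags. -->
  <rule id="100202" level="10">
    <if_sid>100200</if_sid>
    <regex>stratum\+tcp://|stratum\+ssl://|--donate-level|-o \S+:\d+ -u</regex>
    <description>Process with crypto-miner command line pattern detected.</description>
    <group>malware,</group>
  </rule>

</group>
```

Two points on the design: the parent rule is level 0 so the periodic process dump itself never alerts, and the two child rules split "known bad name" from "known bad command line" so a renamed binary still trips the second rule while the first stays precise. Test the rules offline with `ossec-logtest` by pasting a line of the form `ossec: output: 'ps -eo user,pid,ppid,comm,args': <ps output>` before enabling them on the manager.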
[The post [SANS ISC] Hunting for Suspicious Processes with OSSEC was first published on /dev/random]