frzen | 2 years ago
I use Security Onion for this; Sysmon generates events and they are shipped to Security Onion using Winlogbeat. Stuff like whoami execution shows up in my alerts. I wouldn't mind making some canary tokens for files inside shares with sensitive information, as a warning for me to be prepared to be fired.