Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Uncommon shell activity - time monitoring #31

Open
Pilladian opened this issue Aug 27, 2022 · 0 comments
Open

Uncommon shell activity - time monitoring #31

Pilladian opened this issue Aug 27, 2022 · 0 comments
Assignees
@Pilladian
Labels
siem idea Idea for a siem runbook

Comments

@Pilladian
Copy link
Owner

When endpoint is monitored, it would be interesting to raise an alert whenever uncommon shell activity takes place.
Lets assume the user commonly works on the shell between 7am-22-pm. If the same user now logs in or executes commands e.g. at 1am, an alert can be raised.
@Pilladian Pilladian added the siem idea Idea for a siem runbook label Aug 27, 2022
@Pilladian Pilladian self-assigned this Aug 27, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Pilladian Pilladian

Labels
siem idea Idea for a siem runbook
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@Pilladian