When an endpoint is monitored, it would be interesting to raise an alert whenever uncommon shell activity takes place.
Let's assume the user commonly works on the shell between 07:00 and 22:00. If the same user now logs in or executes commands at, e.g., 01:00, an alert can be raised.
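One way to implement the check described above, as an added example that is not code from the original page: learn each user's usual shell hours from past events, then flag new events that fall outside them. The log line format (`ISO-timestamp user command`), the thresholds `MIN_EVENTS` and `MIN_SHARE`, and all sample data are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime

MIN_EVENTS = 20   # assumption: minimum history before a baseline is trusted
MIN_SHARE = 0.02  # assumption: an hour is "usual" if it holds >= 2% of a user's events

def parse(line):
    """Parse a constructed 'ISO-timestamp user command...' line."""
    ts, user, command = line.split(" ", 2)
    return datetime.fromisoformat(ts), user, command

def build_baseline(history):
    """Return {user: set of usual hours} learned from past shell events."""
    hours = defaultdict(Counter)
    for line in history:
        ts, user, _ = parse(line)
        hours[user][ts.hour] += 1
    baseline = {}
    for user, counts in hours.items():
        total = sum(counts.values())
        if total < MIN_EVENTS:
            continue  # too little history: no baseline, so no alerts for this user
        # A set of hours (not a start/end range) also covers shifts that cross midnight.
        baseline[user] = {h for h, n in counts.items() if n / total >= MIN_SHARE}
    return baseline

def detect(baseline, events):
    """Return (timestamp, user, command) for events outside the user's usual hours."""
    alerts = []
    for line in events:
        ts, user, command = parse(line)
        usual = baseline.get(user)
        if usual is not None and ts.hour not in usual:
            alerts.append((ts, user, command))
    return alerts

# Constructed sample data: alice works 07:00-21:59 for ten days; bob has little history.
HISTORY = [f"2024-05-{d:02d}T{h:02d}:15:00 alice make test"
           for d in range(1, 11) for h in range(7, 22)]
HISTORY += ["2024-05-03T02:00:00 bob uptime"]
NEW_EVENTS = [
    "2024-05-11T09:30:00 alice git pull",
    "2024-05-11T01:04:12 alice ls /var/backups",
    "2024-05-11T01:10:00 bob ls",
]

if __name__ == "__main__":
    for ts, user, command in detect(build_baseline(HISTORY), NEW_EVENTS):
        print(f"ALERT {ts.isoformat()} {user}: shell activity at unusual hour: {command}")
```

Users without enough history produce no alerts here; in practice they could be routed to a separate "no baseline yet" report instead of being silently skipped.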