When an endpoint is monitored, it would be interesting to raise an alert whenever uncommon shell activity takes place.
Let's assume the user commonly executes a specific set of commands throughout the day. If new commands are executed, an alert could be raised.
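
One way to implement the baseline-then-alert idea described above, as an added example that is not part of the original text. It assumes one process-execution event per line in a constructed `<timestamp> <user> <executable path> [args]` format; the function names, the `min_count` threshold and the sample events are assumptions made for illustration.

```python
import posixpath
from collections import Counter, defaultdict

def parse(line):
    """Constructed format: '<ISO timestamp> <user> <executable path> [args...]'."""
    parts = line.split()
    if len(parts) < 3:
        return None                      # malformed event: skip rather than crash
    ts, user, exe = parts[:3]
    # Key on the normalised full path so /tmp/ls is not mistaken for /usr/bin/ls.
    return ts, user, posixpath.normpath(exe)

def build_baseline(lines, min_count=2):
    """Per-user set of executables seen at least min_count times while learning."""
    counts = defaultdict(Counter)
    for _, user, exe in filter(None, map(parse, lines)):
        counts[user][exe] += 1
    return {u: {e for e, n in c.items() if n >= min_count} for u, c in counts.items()}

def detect(lines, baseline):
    """Return one alert per (user, executable) that is outside the user's baseline."""
    alerts, seen = [], set()
    for ts, user, exe in filter(None, map(parse, lines)):
        if exe in baseline.get(user, set()) or (user, exe) in seen:
            continue
        seen.add((user, exe))            # suppress repeats of the same finding
        reason = "new_command" if user in baseline else "no_baseline_for_user"
        alerts.append({"time": ts, "user": user, "exe": exe, "reason": reason})
    return alerts

# Constructed sample events (not real telemetry).
LEARNING = [
    "2024-05-01T09:00:01Z alice /usr/bin/git status",
    "2024-05-01T09:05:10Z alice /usr/bin/git pull",
    "2024-05-01T09:06:00Z alice /usr/bin/ls -la",
    "2024-05-01T10:00:00Z alice /usr/bin/ls",
    "2024-05-01T11:00:00Z alice /usr/bin/curl https://example.com",  # seen only once
]
LIVE = [
    "2024-05-02T09:00:00Z alice /usr/bin/git push",         # in baseline
    "2024-05-02T09:01:00Z alice /tmp/ls",                   # known name, new path
    "2024-05-02T09:02:00Z alice /usr/bin/curl -O https://example.com/x",
    "2024-05-02T09:03:00Z alice /tmp/ls -la",               # repeat, suppressed
    "2024-05-02T09:04:00Z carol /usr/bin/ls",               # user never profiled
]

if __name__ == "__main__":
    print(detect(LIVE, build_baseline(LEARNING)))
```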