Checking network traffic at night, checking hashes...
# general
Checking network traffic at night, checking hashes for known processes running, looking for suspicious processes, registry indicators... these are all basic thing that can be very easily adjusted to each individual environment
if you just want generic stuff i’d recommend
many of the windows sysmon examples can be translated to osquery
@AoS did you look into the playbook? I am curious to learn what you've implemented. I'm trying to inventory production use cases.
Is there a Linux Threat hunting playbook? Or a dataset of Linux-specific malware similar to …
I’ve developed many custom/internal things but nothing public afaik.