by frzen
1030 days ago
I use Security Onion for this; Sysmon generates events and they are shipped to Security Onion using Winlogbeat. Stuff like whoami execution shows up on my alerts. I wouldn't mind making some canary tokens for files inside shares with sensitive information as a warning for me to be prepared to be fired.