Kileen on Nostr: I’m about to do some testing with EDRs and interested from mostly a #blueteam ...
I’m about to do some testing with EDRs and am interested, mostly from a #blueteam perspective, in what they’ll miss. I heard the vendor who had a hard dive in July of this year misses PUPs the most, and their “Complete” isn’t great at remediating all the webshells. Anyone want to share some pointers? I’m logging with ELK & Sysmon, but I’m curious about blind spots.
Published at 2024-11-26 05:50:30
Event JSON
{
"id": "ef576235ee493c46149134fe3b3e048425fb75347c24f65c0e79dd39ad8aa535",
"pubkey": "1f963342f94451a437ab0b2a24811501b1091d6302e1008f9921704c70fa88b5",
"created_at": 1732600230,
"kind": 1,
"tags": [
[
"t",
"blueteam"
],
[
"proxy",
"https://infosec.exchange/users/thekileen/statuses/113547688711468060",
"activitypub"
]
],
"content": "I’m about to do some testing with EDRs and interested from mostly a #blueteam perspective what they’ll miss. I heard the vendor who had a hard dive in July of this year misses PUPs the most and their “Complete” isn’t great at remediating all the webshells. Anyone want to share some pointers? I’m logging with ELK \u0026 Sysmon, but curious about blind spots.",
"sig": "35aec356dea7c5cb77ec9c04465f4e983a4ac6768ff08052edc7e36be3fc2b4ea3d6ffc7d4a7ca7973d57ecde00c4023d69bd08f443d58d2ffc0436e53bf0e49"
}
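The post asks what Sysmon-plus-ELK telemetry can still catch around webshells. The following is an added example, not code from the original post or from any EDR vendor: two hunts run over constructed Sysmon records (Event ID 1 process creation and Event ID 11 file creation, using Sysmon's own field names as they typically land in ELK). The worker-process, child-process, extension and web-root lists are assumptions to tune for your own environment, and the sample events are made up rather than real telemetry.

```python
"""Two Sysmon-based webshell hunts run over constructed sample events.

Added example, not code from the original post. Records mimic Sysmon
Event ID 1 (process creation) and Event ID 11 (file creation) with Sysmon's
own field names. The lists below are assumptions for illustration.
"""
from typing import Dict, Iterable, List, Set

# Assumption: worker processes that host web applications.
WEB_WORKERS: Set[str] = {"w3wp.exe", "httpd.exe", "nginx.exe", "php-cgi.exe", "tomcat9.exe"}
# Assumption: children a command-execution webshell typically launches.
SHELL_LIKE: Set[str] = {"cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe",
                        "cscript.exe", "certutil.exe", "whoami.exe", "net.exe"}
# Assumption: server-side script extensions a dropped webshell would use.
SCRIPT_EXT: Set[str] = {".aspx", ".ashx", ".asp", ".php", ".jsp", ".jspx"}
# Assumption: document roots watched for drops.
WEB_ROOTS: Set[str] = {"C:\\inetpub\\wwwroot\\", "C:\\xampp\\htdocs\\", "/var/www/"}

# Constructed sample events (not real telemetry).
SAMPLE_EVENTS: List[Dict[str, str]] = [
    {"EventID": "1", "ParentImage": "C:\\Windows\\System32\\inetsrv\\w3wp.exe",
     "Image": "C:\\Windows\\System32\\cmd.exe", "OriginalFileName": "Cmd.Exe",
     "CommandLine": "cmd.exe /c whoami"},
    # Renamed copy of cmd.exe: matching on Image alone misses it,
    # the PE's OriginalFileName does not.
    {"EventID": "1", "ParentImage": "C:\\Windows\\System32\\inetsrv\\w3wp.exe",
     "Image": "C:\\Windows\\Temp\\svc.exe", "OriginalFileName": "Cmd.Exe",
     "CommandLine": "svc.exe /c net user"},
    # Same child, but from an interactive parent: not a web-worker spawn.
    {"EventID": "1", "ParentImage": "C:\\Windows\\explorer.exe",
     "Image": "C:\\Windows\\System32\\cmd.exe", "OriginalFileName": "Cmd.Exe",
     "CommandLine": "cmd.exe"},
    # ASP.NET dynamic compilation: a normal w3wp child, not flagged.
    {"EventID": "1", "ParentImage": "C:\\Windows\\System32\\inetsrv\\w3wp.exe",
     "Image": "C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\csc.exe",
     "OriginalFileName": "csc.exe", "CommandLine": "csc.exe /noconfig ..."},
    {"EventID": "11", "Image": "C:\\Windows\\System32\\inetsrv\\w3wp.exe",
     "TargetFilename": "C:\\inetpub\\wwwroot\\uploads\\avatar.aspx"},
    {"EventID": "11", "Image": "C:\\Windows\\System32\\inetsrv\\w3wp.exe",
     "TargetFilename": "C:\\inetpub\\wwwroot\\uploads\\avatar.png"},
    {"EventID": "3", "Image": "C:\\Windows\\System32\\inetsrv\\w3wp.exe",
     "DestinationIp": "203.0.113.7"},
]


def normalize(path: str) -> str:
    """Lower-case a path and use backslashes so Windows and POSIX compare alike."""
    return path.replace("/", "\\").lower()


def basename(path: str) -> str:
    """Lower-cased file name of a Windows or POSIX path."""
    return normalize(path).rsplit("\\", 1)[-1]


def child_names(event: Dict[str, str]) -> Set[str]:
    """Names the child can be matched by: the on-disk name and the PE version
    resource's OriginalFileName, so a renamed cmd.exe is still recognised."""
    names = {basename(event.get("Image", ""))}
    if event.get("OriginalFileName"):
        names.add(event["OriginalFileName"].lower())
    return names


def is_shell_from_web_worker(event: Dict[str, str]) -> bool:
    """Event ID 1: a web worker process directly launching a shell-like child."""
    return (event.get("EventID") == "1"
            and basename(event.get("ParentImage", "")) in WEB_WORKERS
            and bool(child_names(event) & SHELL_LIKE))


def is_script_drop_in_webroot(event: Dict[str, str]) -> bool:
    """Event ID 11: a web worker writing a server-side script under a web root."""
    if event.get("EventID") != "11" or basename(event.get("Image", "")) not in WEB_WORKERS:
        return False
    target = normalize(event.get("TargetFilename", ""))
    in_root = any(target.startswith(normalize(root)) for root in WEB_ROOTS)
    scripty = any(target.endswith(ext) for ext in SCRIPT_EXT)
    return in_root and scripty


def hunt(events: Iterable[Dict[str, str]]) -> List[Dict[str, str]]:
    """Return the events matching either rule, each tagged with the rule name."""
    hits: List[Dict[str, str]] = []
    for event in events:
        if is_shell_from_web_worker(event):
            hits.append({"rule": "web_worker_spawns_shell", **event})
        elif is_script_drop_in_webroot(event):
            hits.append({"rule": "script_dropped_in_webroot", **event})
    return hits


if __name__ == "__main__":
    for hit in hunt(SAMPLE_EVENTS):
        print(hit["rule"], hit.get("Image"), hit.get("TargetFilename", hit.get("CommandLine")))
```

Two caveats that are themselves blind spots worth testing: Event ID 11 only appears for paths your Sysmon config's FileCreate rules include, so the web roots have to be in the config before the second rule sees anything; and a webshell that executes in-process (for example managed code running inside w3wp.exe without spawning a child) produces neither record, which is why file-creation and network events need to sit beside the process-creation rule rather than replace it.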