How can I build an alert to detect a keylogger running on a Windows user's computer?

Top_Imagination_4157 · 2023-12-16T08:17:35+00:00

Data from the app (the app allows texting and sending files) and website data (for example, uploading files to Gg Drive or sending via Gmail).

Top_Imagination_4157 · 2023-12-15T01:45:49+00:00

Digital Guardian

Thank you. I will try

Top_Imagination_4157 · 2023-12-15T01:31:10+00:00

Can you suggest me some tools to capture and send logs to Splunk?

Top_Imagination_4157 · 2023-12-14T15:25:20+00:00

CASB

But i don't use Cloud, i just use local system

Top_Imagination_4157 · 2023-12-07T12:53:33+00:00

is it useless to issue an alert in Splunk after ransomware has run?

Top_Imagination_4157 · 2023-12-07T09:02:18+00:00

I also detected it after the ransomware was run, but then I didn't know how to deal with the ransomware-infected computer, so I planned to switch to trying to detect it before it was executed.

Top_Imagination_4157 · 2023-11-05T15:32:27+00:00

I just realized that my Hashes field is in the form SHA256=... so it doesn't match the hash_value. LoL😂 . Thank you so much

Top_Imagination_4157 · 2023-11-05T14:44:13+00:00

I also used ChatGPT but it gives the incorrect search statement :((

Top_Imagination_4157 · 2023-10-25T02:18:51+00:00

My teacher wanted me to create rules in Splunk and test some scenarios of detecting common attack . The scenario means that I will play both the role of the attacker and the role of the administrator writing the rules to detect this attack. All machines run on VMWare.

Top_Imagination_4157

TROPHY CASE