Query for common (legit) remote management solutions


Reading the CISA alert on Blackmatter Ransomware (https://us-cert.cisa.gov/ncas/alerts/aa21-291a) just now and it leads me to this question - has someone put together a Defender for Endpoint/Sentinel query to inventory common remote management solutions (particularly those favored by ransomware operators)? I know that I could leverage vulnerability management for this but I'd like to fashion a Sentinel detection for whenever something unexpected shows up in my environment.
0 Replies
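One way to start on this, as an added example that is not from the original post or from Microsoft: a KQL query for advanced hunting in Defender for Endpoint (or Sentinel, where the same DeviceProcessEvents table arrives through the Microsoft 365 Defender connector) that inventories launches of well-known remote management tools and flags any that are not on an allow list. The tool names and the approved list are assumptions to adapt to your own environment.

```kql
// Added example, not from the original post. Inventory remote management
// tool launches from Defender for Endpoint's DeviceProcessEvents table and
// surface anything not explicitly sanctioned.
// Assumption: these executable names cover the RMM products of interest;
// extend the list for your environment.
let rmm_tools = dynamic([
    "AnyDesk.exe", "TeamViewer.exe", "TeamViewer_Service.exe",
    "ScreenConnect.ClientService.exe", "SRManager.exe", "AteraAgent.exe",
    "rustdesk.exe", "tvnserver.exe", "winvnc.exe", "LMIGuardianSvc.exe"
]);
// Assumption: the only RMM product the organisation has approved.
let approved = dynamic(["TeamViewer.exe", "TeamViewer_Service.exe"]);
DeviceProcessEvents
| where Timestamp > ago(7d)
// Match on the name on disk OR the original file name embedded in the PE
// version resource, so a renamed binary still surfaces.
| where FileName in~ (rmm_tools)
    or ProcessVersionInfoOriginalFileName in~ (rmm_tools)
// Use the embedded name when present so a renamed copy is grouped with its
// real product rather than with its disguise.
| extend ToolName = iff(isempty(ProcessVersionInfoOriginalFileName),
                        FileName, ProcessVersionInfoOriginalFileName)
| extend Renamed = FileName !~ ToolName
// Drop the sanctioned product; everything left is worth a look.
| where ToolName !in~ (approved)
| summarize FirstSeen = min(Timestamp), LastSeen = max(Timestamp),
            Launches = count(),
            Accounts = make_set(AccountName, 10),
            Paths    = make_set(FolderPath, 5),
            Renamed  = max(Renamed)
    by DeviceName, ToolName, ProcessVersionInfoCompanyName
// Newest arrivals first: a tool with a very recent FirstSeen on a host that
// never ran it before is the "something unexpected" case from the question.
| order by FirstSeen desc
```

For a scheduled Sentinel analytics rule, narrow the window to the rule's lookback (for example `ago(1h)`) and alert on rows where `FirstSeen` falls inside it; the wider 7-day run is the baseline inventory.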