LogRhythm Labs

Agent SmartResponse Host Checking

How can you find out if a SmartResponse plug-in using PowerShell will run on a specific System Monitor Agent host? Also, with what user context will the SmartResponse plug-ins execute? Windows PowerShell execution policies let you determine the conditions under which PowerShell loads configuration files and runs scripts. We would like to find out what that setting is on a specific host that has a System Monitor Agent installed. Read more about execution policies.

Read More

VirusTotal SIEM Integration

Without process whitelisting it’s tough for organizations to be sure of what is running on their hosts. Even with whitelisting, malware can masquerade under other...

Read More