I'm wondering if anyone has created (or could help me) create an OSSEC rule to detect new additions to the "run" keys in the registry.
The goal is to detect malware and fileless malware adding run keys to the registry. If anyway has started creating rules for fileless malware detection that would be great too. Thanks. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.