Comments (3)
"advised to run it along with MS Defender"
from whids.
Hey @hz-kelpie,
When I say "it is advised to run with MS Defender", I mean that you can use it to alert whenever MS Defender detects a threat.
Indeed WHIDS does not embed any binary analysis/scanning engine and you can use Microsoft Defender (which is pretty good) for that purpose.
When a threat is detected, MS Defender generates some ETW events in provider "Microsoft-Windows-Windows Defender".
There is no special code needed for this, the only thing you need is to have the "Microsoft-Windows-Windows Defender" provider configured in the WHIDS configuration file (which is the default, so you should not have anything to do). The other thing you need is a rule to raise an alert on MS Defender events, which is provided by the open-source rules in this directory https://github.com/0xrawsec/gene-rules/tree/master/rules/defender.
Hope you manage to make it run as you want!
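To make the flow in the reply concrete, here is an added example (not WHIDS or gene-rules code) of the kind of check such a rule performs: pick out events from the "Microsoft-Windows-Windows Defender" provider whose event ID signals a detection (1116) or a remediation action (1117). The sample events are constructed, and the nested `Event/System/Provider` layout is assumed from the Windows event schema rather than taken from WHIDS' actual output.

```python
import json
from typing import Iterable

DEFENDER_PROVIDER = "Microsoft-Windows-Windows Defender"
# Defender event IDs: 1116 = malware detected, 1117 = action taken on the threat.
DETECTION_EVENT_IDS = {1116, 1117}

# Constructed sample events. The nesting follows the Windows XML event schema
# (Event/System/Provider, Event/EventData); this is an assumption, not WHIDS' exact format.
SAMPLE_EVENTS = [
    {"Event": {"System": {"Provider": {"Name": DEFENDER_PROVIDER}, "EventID": 1116},
               "EventData": {"Threat Name": "Constructed:Test/Sample",
                             "Path": "file:_C:\\Users\\demo\\sample.bin"}}},
    {"Event": {"System": {"Provider": {"Name": DEFENDER_PROVIDER}, "EventID": 1117},
               "EventData": {"Threat Name": "Constructed:Test/Sample",
                             "Action Name": "Quarantine"}}},
    # A Defender event that is not a detection (constructed): must not alert.
    {"Event": {"System": {"Provider": {"Name": DEFENDER_PROVIDER}, "EventID": 1150},
               "EventData": {}}},
    # An event from another provider (constructed): must not alert either.
    {"Event": {"System": {"Provider": {"Name": "Microsoft-Windows-Sysmon"}, "EventID": 1},
               "EventData": {"Image": "C:\\Windows\\notepad.exe"}}},
]

def provider_and_id(event: dict):
    """Return (provider name, event id), or (None, None) if the event is malformed."""
    try:
        system = event["Event"]["System"]
        return system["Provider"]["Name"], int(system["EventID"])
    except (KeyError, TypeError, ValueError):
        return None, None

def is_defender_detection(event: dict) -> bool:
    provider, event_id = provider_and_id(event)
    return provider == DEFENDER_PROVIDER and event_id in DETECTION_EVENT_IDS

def alerts_for(events: Iterable[dict]) -> list:
    """Turn matching Defender events into simple alert records (rule name + context)."""
    alerts = []
    for ev in events:
        if is_defender_detection(ev):
            data = ev["Event"].get("EventData", {})
            alerts.append({"rule": "DefenderThreatDetected",
                           "event_id": ev["Event"]["System"]["EventID"],
                           "threat": data.get("Threat Name", "<unknown>"),
                           "detail": data.get("Path") or data.get("Action Name", "")})
    return alerts

if __name__ == "__main__":
    print(json.dumps(alerts_for(SAMPLE_EVENTS), indent=2))
```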
thx for your patience!