r/crowdstrike
USB exfiltration Query
Hi everyone, I am trying to create a rule in NG-SIEM for USB exfiltration. For now I got the events, excluded our bot accounts, took the data in bytes, and made it in MB.
What I am asking is if there is a way to check the Mass storage policy from endpoint protection; there we have an allow list and I would like to exclude it from the rule being generated.
I am not an ENG; I am doing this as an analyst to develop myself further.
u/Rotopercutoru — 11 days ago
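The logic the post describes (sum bytes written to removable media per user and device, drop bot accounts, convert to MB, and then drop devices that appear on the device-control allow list), as an added stand-alone example that is not the poster's query or CrowdStrike code. It assumes the allow list can be exported as (vendor id, product id, serial) tuples and that the event field names are placeholders for whatever the NG-SIEM schema actually uses.

```python
from collections import defaultdict

# Constructed sample events (not real NG-SIEM output); field names are assumptions.
EVENTS = [
    {"user": "alice", "host": "WS01", "vid": "0781", "pid": "5567", "serial": "AA11", "bytes": 300_000_000},
    {"user": "alice", "host": "WS01", "vid": "0781", "pid": "5567", "serial": "AA11", "bytes": 250_000_000},
    {"user": "svc_backup", "host": "SRV01", "vid": "0951", "pid": "1666", "serial": "BB22", "bytes": 900_000_000},
    {"user": "bob", "host": "WS02", "vid": "0951", "pid": "1666", "serial": "CC33", "bytes": 120_000_000},
    {"user": "carol", "host": "WS03", "vid": "0bda", "pid": "0184", "serial": "DD44", "bytes": 40_000_000},
]

# Service accounts that legitimately move large volumes to removable media.
BOT_ACCOUNTS = {"svc_backup"}
# Assumed export of the endpoint-protection mass-storage allow list: (vendor id, product id, serial).
ALLOW_LIST = {("0951", "1666", "CC33")}
THRESHOLD_MB = 100.0


def is_allow_listed(ev, allow_list=ALLOW_LIST):
    """True when the device in this event is on the exported allow list."""
    return (ev["vid"], ev["pid"], ev["serial"]) in allow_list


def summarise(events, bot_accounts=BOT_ACCOUNTS, allow_list=ALLOW_LIST):
    """Sum bytes per (user, host, device) in MB, skipping bots and allow-listed devices."""
    totals = defaultdict(int)
    for ev in events:
        if ev["user"] in bot_accounts or is_allow_listed(ev, allow_list):
            continue
        key = (ev["user"], ev["host"], ev["vid"], ev["pid"], ev["serial"])
        totals[key] += ev["bytes"]
    # Decimal MB (1 MB = 1,000,000 bytes); switch to 1024 * 1024 if the rule reports MiB.
    return {k: v / 1_000_000 for k, v in totals.items()}


def alerts(events, threshold_mb=THRESHOLD_MB, **kwargs):
    """Keys whose total written volume meets the threshold; these become the rule's detections."""
    return sorted(k for k, mb in summarise(events, **kwargs).items() if mb >= threshold_mb)


if __name__ == "__main__":
    for key, mb in summarise(EVENTS).items():
        print(key, f"{mb:.1f} MB")
    print("alerts:", alerts(EVENTS))
```

If the policy allow list matches on a combined device ID or wildcards the serial, change the tuple in `is_allow_listed` to the fields the policy actually keys on, otherwise allow-listed devices will still fire.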