What should be the parameters to generate a threat flag?
Initial thoughts:
- The rate of syscall invocation is rising significantly
- System (CPU, memory) usage is rising significantly
- Unusual call pattern
Some material that can help in research:
UCLA Research Paper
Palo Alto Networks Blog
Datadog Blog
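As an added illustration (not code from the original post or the linked material), the sketch below turns the three initial thoughts into concrete, testable flags: a z-score on the per-window syscall rate and on CPU/memory samples against a rolling baseline, and a novelty ratio of syscall names and adjacent-call bigrams never seen during the baseline. The thresholds, window sizes and the sample traces are constructed assumptions for the demo, not measured values.

```python
"""Heuristic threat flags over per-window syscall samples.

Assumptions (constructed for this example): each window is one second of
syscall names for a single process, plus a CPU percentage and memory sample.
"""
from collections import Counter, deque
from statistics import mean, pstdev

MIN_BASELINE = 5           # windows needed before any flag may be raised
Z_THRESHOLD = 3.0          # "rising significantly" = more than 3 sigma above baseline
NOVELTY_THRESHOLD = 0.25   # fraction of never-seen calls / bigrams that is "unusual"


def zscore(value, history):
    """Standard score of value against the rolling baseline history."""
    if len(history) < MIN_BASELINE:
        return 0.0
    mu, sigma = mean(history), pstdev(history)
    if sigma == 0:
        # flat baseline: any increase at all is treated as a large deviation
        return float("inf") if value > mu else 0.0
    return (value - mu) / sigma


def bigrams(calls):
    """Adjacent-call pairs, the simplest notion of a 'call pattern'."""
    return list(zip(calls, calls[1:]))


class ThreatFlagger:
    def __init__(self, history=60):
        self.rates = deque(maxlen=history)   # syscalls per window
        self.cpu = deque(maxlen=history)     # CPU % per window
        self.mem = deque(maxlen=history)     # memory (MB) per window
        self.vocab = Counter()               # syscall name -> baseline count
        self.pairs = Counter()               # (a, b) bigram -> baseline count

    def observe(self, calls, cpu_pct, mem_mb):
        """Return the list of flags raised by this window (empty if none)."""
        flags = []
        rate = len(calls)
        if zscore(rate, self.rates) > Z_THRESHOLD:
            flags.append("syscall_rate_spike")
        if zscore(cpu_pct, self.cpu) > Z_THRESHOLD:
            flags.append("cpu_spike")
        if zscore(mem_mb, self.mem) > Z_THRESHOLD:
            flags.append("memory_spike")
        if len(self.rates) >= MIN_BASELINE and calls:
            novel_calls = sum(1 for c in calls if c not in self.vocab) / len(calls)
            pairs = bigrams(calls)
            novel_pairs = (sum(1 for p in pairs if p not in self.pairs) / len(pairs)) if pairs else 0.0
            if novel_calls > NOVELTY_THRESHOLD or novel_pairs > NOVELTY_THRESHOLD:
                flags.append("unusual_call_pattern")
        # Learn only from quiet windows so a sustained burst cannot slowly
        # redefine what "normal" looks like.
        if not flags:
            self.rates.append(rate)
            self.cpu.append(cpu_pct)
            self.mem.append(mem_mb)
            self.vocab.update(calls)
            self.pairs.update(bigrams(calls))
        return flags


# Constructed traces: six quiet windows of an I/O-bound process, then one
# burst of memory-permission, exec and network calls at high CPU.
NORMAL = ["read", "write", "poll", "futex"]
SAMPLE_WINDOWS = [
    (NORMAL * 3, 4.0, 100.0),
    (NORMAL * 3 + ["read"], 5.0, 101.0),
    (NORMAL * 3, 4.5, 100.0),
    (NORMAL * 3 + ["write", "read"], 5.5, 102.0),
    (NORMAL * 3, 4.0, 100.0),
    (NORMAL * 3 + ["poll"], 5.0, 101.0),
    (["mprotect", "mmap", "execve", "connect"] * 15, 90.0, 100.0),
]


def run_demo(windows=SAMPLE_WINDOWS):
    """Feed the windows through one flagger; return the flags per window."""
    flagger = ThreatFlagger()
    return [flagger.observe(calls, cpu, mem) for calls, cpu, mem in windows]


if __name__ == "__main__":
    for i, flags in enumerate(run_demo()):
        print(f"window {i}: {flags or 'ok'}")
```

The last window trips the rate and CPU flags and the call-pattern flag, while memory stays flat and raises nothing; the quiet windows raise no flags at all, which is the property worth checking first when tuning thresholds, since a flag that fires on the baseline is noise rather than signal.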