Comment on Many such cases
theotterone@lemmy.world 2 months agoOnly run as an experiment myself but Wazuh can do it apparently: …wazuh.com/…/detect-malware-yara-integration.html
MDE can do something similar but you’ll need to rewrite your rules which is of course more than suboptimal… learn.microsoft.com/…/advanced-hunting-overview?v…
Lumilias@pawb.social 2 months ago
Interesting, never heard of Wazuh until now. That looks closer to what Trellix allows.
The guy in charge of picking endpoint security products (whose team writes these rules) has tried Defender and found it lacking in comparison. Also, that link is about historical search for threat hunting, so I’m not sure if it’s the correct one.