In the hunt to detect cryptolocker-like malware, I'm looking for a way to detect abnormal file access behaviour.
I already placed one dummy.docx file where I check modification access and its checksum, but this is only within one directory and hasn't proved to be effective, as we had a cryptolocker inside another directory.
Is there a way we can enable Zabbix to monitor abnormal file access / changes in an automated way?
All ideas are welcome!