Leverage searches that allow you to detect and investigate unusual activities that might relate to data destruction, including deleting files, overwriting files, wiping disks, and encrypting files.
- Product: Splunk Enterprise, Splunk Enterprise Security, Splunk Cloud
- Datamodel: Endpoint
- Last Updated: 2022-02-14
- Author: Teoderick Contreras, Splunk
- ID: 4ae5c0d1-cebd-47d1-bfce-71bf096e38aa
Adversaries may use this technique to maximize the impact on the target organization in operations where network-wide availability interruption is the goal.
version: 1