Hi,
I wouldn't recommend focusing on the single finding. The indicator-of-compromise category contains rules that should be used for the detection of a positively compromised system, and false positives may occur.
When evaluating an event, all the intrus...