Skip to main content
Version: Next

PID

info

We use PID to refer to a process ID based events.

We provide collection for host based indicators of compromise (IOCs) that can be used to detect malicious activity on your hosts.

Collections:

Currently we cannot remediate these alerts, however, we can send you a notification when we detect them.

name: pid_alert
filters:
- Alert.GetScope() == "pid"
decisions: []
notifications:
- slack_default
## Please edit the above line to match your notification name
on_success: break
---
CrowdSec ConsoleCrowdSec Console