PID
info
We use PID to refer to process ID based events.
We provide collections of host-based indicators of compromise (IOCs) that can be used to detect malicious activity on your hosts.
Collections:
Currently we cannot remediate these alerts; however, we can send you a notification when we detect them.
name: pid_alert
filters:
- Alert.GetScope() == "pid"
decisions: []
notifications:
- slack_default
## Please edit the above line to match your notification name
on_success: break
---