
Purpose

An analyst wants to detect malicious behavior on endpoints. Using the CrowdStrike Falcon Data Replicator SQS collector to send endpoint logs to Devo, the analyst will find unauthorized endpoint configuration changes. As a result, the analyst will revoke access to the affected endpoint, preventing an infected host from being used for lateral movement and data exfiltration.

...