Hi Prasannanayagi, Customer think his DC server was attacked by ransom virus. which product can help him ? ela ?

Prasannanayagi

Yes. EventLog Analyzer can help him. If he has setup File Integrity Monitoring, they can check the file created flow manually with the help of reports. Else, if they have correlation or alert set up for the same, they can also check the respective rule.

We provide two predefined correlation rules related to Ransomware. (Possible ransomware activities and Ransomware detections).

They can also build their own custom rule or alert profile.