Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊
'Entropy calculation used to help identify Hosts where they have a high variety of processes(a high entropy process list on a given Host over time). This helps us identify rare processes on a given Host. Rare here means a process shows up on the Host relatively few times in the the last 7days. The Weight is calculated based on the Entropy, Process Count and Distinct Hosts with that Process. The lower the Weight/ProcessEntropy the, more interesting. The Weight calculation increases the Weight if
| Attribute | Value |
|---|---|
| Type | Hunting Query |
| Solution | GitHub Only |
| ID | 24e66452-2aaa-455f-b0c6-a0d8216bbe79 |
| Tactics | Execution |
| Source | View on GitHub |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊