I am looking for some advice regarding the malware detecting capabilities of SEM. I am trying to test out how well it can detect some different malicious programs that may make their way onto end devices, such as Trojans, RATs or Worms.
I have an environment set up locally with multiple Windows 10 end devices and a SolarWinds server running on ESXi. All end devices successfully connect to and send events to the SEM; however, when I put malicious .exe files onto a host device and run them, the SEM shows no signs of detecting them or what they are doing.
They are detected and quarantined by Windows Defender, but when that is turned off temporarily to test the SEM's abilities it does not show any threat events.
From what I have seen, I believe I need to set up specific rules for it to report these events, but I am unsure how these rules should be structured or set up to detect and report or prevent these applications/programs.
Any assistance is appreciated.