Hi,
I am looking for some advice regarding the malware-detecting capabilities of SEM. I am trying to test how well it can detect different malicious programs that may make their way onto end devices, such as Trojans, RATs or worms.
I have an environment set up locally with multiple Windows 10 end devices and a SolarWinds server running on ESXi. All end devices successfully connect to and send events to the SEM; however, when I put malicious .exe files onto a host device and run them, the SEM shows no sign of detecting them or what they are doing.
They are detected and quarantined by Windows Defender, but when that is turned off temporarily to test the SEM's abilities, it does not show any threat events.
From what I have seen, I believe I need to set up specific rules for it to report these events, but I am unsure how these rules should be structured or set up to detect and report or prevent these applications/programs.
Any assistance is appreciated.