Offenses
The Activity Monitor App for QRadar feeds a couple of QRadar Offenses.
While the Ransomware Dashboard reports on incidents of Ransomware attacks monitored by StealthINTERCEPT, the following offenses may be generated by the Stealthbits File Activity Monitor App.
| QRadar Offense | Definition |
|---|---|
| INTERCEPT: File System Attacks (By User) | Significant number of file changes made by an account in a short time period |
| Stealthbits: Ransomware Detected | Threshold-based Ransomware Rule |