Detect Rules

Can I detect a acess to website through endpoint security?
Because i want to know if a host acess a certain website and "shot" a alert.

If i understand you want to be alerted on any host visiting a specific website.
e.g. example.com

Taking you have the Endpoint Security integration enabled you can look for DNS requests for that website as first step. If you want to be more strict in your monitoring (because of how DNS works) you can opt to use the Network Packet Capture integration to monitor the HTTP/TLS traffic and use a detection rule on those events.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.