InTrust is an enterprise-level log management (SIEM-like) and EDR solution. Below is a wiki on using InTrust, with examples of applying the product in enterprise infrastructure.
- Supported datasources by architecture type
- Supported datasources by solution type
- Supported datasources by vendor name
- Cyber-Security Monitoring Rules and Searches
- Other Useful Rules and Searches
- Useful Scripts
Supported datasources by architecture type
- Windows
- Linux
- UNIX-like
- HP-UX
- Solaris
- AIX
Supported datasources by solution type
- Proxy
- Firewall
- Antivirus/EDR
- Web Server
- Database Server
- Mail Server
- Other Infrastructure Server
Supported datasources by vendor name
- Cisco
- Trend Micro
- Microsoft
- Symantec
- Oracle
Cyber-Security Monitoring Rules and Searches
Collection of monitoring rules and searches, recommended by or researched for cyber-security threat hunting and threat protection
- DCSync attack
- Password-spraying attack
- PowerShell-based attacks and suspicious commands
Other Useful Rules and Searches
Collection of useful rules for monitoring corporate infrastructure
Useful Scripts
Collection of useful scripts for Quest InTrust
- [Response Action] ServiceNow incident