Newbie looking for a link or general guide that will help me tweak some
of these alerts. One in particular: Rule Rule Name: Ransomware detected
on a hostRemediation: Rule Description: Identifies excessive
non-executable file changes by the same proce...
We use 7.1.2. The weird thing is it seems to pick up reads. It is our
primary fileshare so people do copy, move and change stuff all day.
Thanks for the response. Maybe we just double the number?