Detect where a process has been killed
We have a scenario where users are able to kill a certain process to bypass security.
How can we leverage XDR to detect where the specific process name has been killed and, ideally, prevent it?
I thought maybe an IOC or BIOC but the IOC doesn't seem
...