SOCC08 - Endpoint Protection

NOTE: We kinda rushed through this section in the class and I'm a little under the weather as I'm working on it now, so I've tidied it up a bit, but want to fill it in more later.

Endpoint Protection Analysis

Endpoint detection and testing tools

  1. BLUESPAWN scans the host for a wide range of suspicious activity and misconfigurations
    1. Detections are mapped to MITRE ATT&CK techniques
  2. Atomic Red Team (ART) for testing whether an EDR detects known techniques
    1. Do not run ART in production

Free or Good EDRs

  1. Wazuh
    1. Originally an inventory system
    2. Full stack EDR
    3. Data feeds to an ELK stack
  2. Velociraptor
  3. LimaCharlie
  4. Elastic Stack
    1. Almost everyone uses ELK
      1. ELK is free, Elastic is paid
    2. Easy install
    3. Can install it and start detecting malware out of the box
  5. OpenEDR
    1. From Comodo
    2. Full source code on GitHub

LAB: BHIS-SOCC-lab-Velociraptor