Trigger a command script from a security incident detected by EMET RRS feed

  • Question

  • Hello all,

    I would need to run a specific script in EMET (using local CLI) when it detects some "attack" or security problem.

    This script should receive the filename and path of the file, executable or process that "launched the attack".

    Please, do you know if this can be done? Through Active Directory scheduled tasks I can schedule a task triggered by a specific event; however, I cannot tell the script the affected filename this way, if I'm not wrong.

    Any help?



    Wednesday, June 29, 2016 4:48 PM