[Use case] Detecting cryptocurrency wallet software

Hello all,
In this series of posts, we'll share various product use cases, their importance, and how the product can be used to solve them. In this post, we look at the correlation rule to detect cryptocurrency wallet software within your organization.

Rule name: Cryptocurrency wallet software started

What the rule detects: This rule detects when common cryptocurrency wallet software is started on your organization's devices.

Why the rule is useful: Cryptocurrency mining and trading have become extremely popular in the last few years. However, cryptocurrencies are also at the center of several ethical and economic debates, as they don't have a central authority and are preferred by criminals in their activities. While the regulations surrounding the mining and trading of cryptocurrency are not clear in some countries, these activities have been explicitly banned in others. Cryptocurrency wallets are software programs used to store and trade these digital currencies. If you would prefer that your organization's resources not be used for such activity, you can monitor their usage using this rule.

How the rule works: EventLog Analyzer detects the starting of Windows processes associated with popular cryptocurrency wallet software, such as Ethereum Wallet, BitPay, Copay, and several others.
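The matching logic described above, sketched as an added example (not EventLog Analyzer's own rule or code). It assumes process-creation auditing is enabled so that Windows Security Event ID 4688 is logged; the executable names in the watchlist and all sample events are constructed for illustration.

```python
import ntpath

# Hypothetical watchlist: these executable names are assumptions for
# illustration, not the list the product ships with.
WALLET_IMAGES = {"ethereum wallet.exe", "bitpay.exe", "copay.exe"}

# Constructed sample events shaped like Windows Security events
# (4688 = process created, 4689 = process exited); hosts, users, paths are made up.
SAMPLE_EVENTS = [
    {"EventID": 4688, "Computer": "WS-014", "SubjectUserName": "alice",
     "NewProcessName": r"C:\Users\alice\AppData\Local\Programs\BitPay\BitPay.exe"},
    {"EventID": 4688, "Computer": "WS-014", "SubjectUserName": "alice",
     "NewProcessName": r"C:\Windows\System32\notepad.exe"},
    {"EventID": 4689, "Computer": "WS-020", "SubjectUserName": "bob",
     "ProcessName": r"C:\Tools\Copay.exe"},  # exit event, not a start
    {"EventID": 4688, "Computer": "WS-031", "SubjectUserName": "carol",
     "NewProcessName": r"D:\Portable\ETHEREUM WALLET.EXE"},  # different case
    {"EventID": 4688, "Computer": "WS-031", "SubjectUserName": "carol",
     "NewProcessName": r"C:\Temp\copay.exe.txt"},  # similar name, not the image
]

def detect_wallet_starts(events, watchlist=WALLET_IMAGES):
    """Return one alert per process-creation event whose image is on the watchlist."""
    alerts = []
    for ev in events:
        if ev.get("EventID") != 4688:
            continue  # only process starts are in scope for this rule
        path = ev.get("NewProcessName") or ""
        # Compare the file name only, case-insensitively, as Windows paths are.
        image = ntpath.basename(path).lower()
        if image in watchlist:
            alerts.append({"rule": "Cryptocurrency wallet software started",
                           "host": ev.get("Computer"),
                           "user": ev.get("SubjectUserName"),
                           "image": path})
    return alerts

if __name__ == "__main__":
    for alert in detect_wallet_starts(SAMPLE_EVENTS):
        print(alert)
```

Matching on the image name alone will not catch a wallet binary that has been renamed, so treat a rule like this as one signal rather than complete coverage.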