Crowdsec workflow against ransomeare or file hash integrity detection


I wonder if its possible to implement ransomeware or file integrity hash modification added check etc… workflow detection, if such scenario is possible with Crowdsec?


For clarity, this was also asked on Discord :slight_smile: But to repeat: Right now it’s not supported. It’s a bit far from the original idea (which is reading and parsing logs) so if it comes it’s not going to happen anytime soon.