UTMStack
Search by speed
Describe the feature
If possible, we want to add a search by execution speed. If an action is performed within a certain time frame, for example 5 ms, it may be a script and not a human. This would then avoid false positives.
Use Case
This option could, for example, allow us to know if a GPO is activated within a certain time period, such as a group change, etc.
Proposed Solution
A speed boost in the agents or from the SIEM itself
Other Information
No response
Acknowledgements
- [x] I may be able to implement this feature request
- [x] This feature might incur a breaking change
Please add more information regarding the feature, use case and solution.
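One way to express the timing idea from the feature request, as an added example that is not UTMStack code and not part of the original issue: consecutive events by the same actor that fall within a threshold (5 ms, as in the request) are flagged as likely scripted. The log format, field names, function names and sample events are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample events (not real UTMStack data): ISO timestamp, actor, action.
SAMPLE_EVENTS = """\
2024-05-01T10:00:00.000000 alice group_member_added
2024-05-01T10:00:00.003000 alice gpo_modified
2024-05-01T10:00:00.004500 alice group_member_added
2024-05-01T10:00:07.250000 bob group_member_added
2024-05-01T10:00:19.900000 bob gpo_modified
2024-05-01T10:00:20.000000 alice gpo_modified
"""

def parse_events(text):
    """Parse 'timestamp actor action' lines into (datetime, actor, action) tuples."""
    events = []
    for line in text.splitlines():
        if line.strip():
            ts, actor, action = line.split()
            events.append((datetime.fromisoformat(ts), actor, action))
    return events

def fast_sequences(events, threshold=timedelta(milliseconds=5)):
    """Return (actor, previous_action, action, gap) for consecutive events by the
    same actor whose gap is at or below the threshold."""
    last_seen = {}  # actor -> (timestamp, action) of that actor's previous event
    hits = []
    for ts, actor, action in sorted(events):  # order by time before comparing
        if actor in last_seen:
            prev_ts, prev_action = last_seen[actor]
            gap = ts - prev_ts
            if gap <= threshold:
                hits.append((actor, prev_action, action, gap))
        last_seen[actor] = (ts, action)
    return hits

if __name__ == "__main__":
    for actor, prev_action, action, gap in fast_sequences(parse_events(SAMPLE_EVENTS)):
        print(f"{actor}: {prev_action} -> {action} in {gap.total_seconds() * 1000:.1f} ms")
```

A threshold this small is only meaningful when the log source records timestamps with at least millisecond resolution and events are timestamped where they occur rather than on ingestion.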