Eolh Rules

Eolh has a detection rule engine and a few default rules.

Eolh-1: New executable dropped in a container
A new PE file is created in a container. This is normal behavior in the early stages of container creation.

Eolh-2: PPID Spoofing
An attacker can tamper with the parent process and hide the true parent-child relationship to evade detection.

Eolh-3: Crypto Mining
A crypto miner using the Stratum protocol is found.

Eolh-4: Tor Executable
The Tor executable is found.
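
To make the Eolh-3 description concrete, the following added example (not Eolh's own rule logic, which this page does not show) flags Stratum v1 traffic by parsing newline-delimited JSON-RPC messages and matching the protocol's well-known method names. The function names, the three-way verdict, and the sample payloads are assumptions constructed for illustration.

```python
import json

# Client-to-pool methods of Stratum v1 (JSON-RPC, one object per line).
CLIENT_METHODS = {"mining.subscribe", "mining.authorize", "mining.submit"}
# Pool-to-client notifications, useful when only inbound traffic is visible.
SERVER_METHODS = {"mining.notify", "mining.set_difficulty"}


def stratum_methods(payload: bytes) -> list:
    """Return Stratum method names found in a newline-delimited TCP payload."""
    found = []
    for line in payload.split(b"\n"):
        line = line.strip()
        if not line.startswith(b"{"):
            continue  # not a JSON object, e.g. HTTP headers or TLS records
        try:
            msg = json.loads(line)
        except ValueError:
            continue  # truncated or non-JSON data: ignore rather than alert
        method = msg.get("method") if isinstance(msg, dict) else None
        if isinstance(method, str) and method in CLIENT_METHODS | SERVER_METHODS:
            found.append(method)
    return found


def classify(payload: bytes) -> str:
    """'miner' needs a client method plus a second match; one match is 'suspicious'."""
    methods = set(stratum_methods(payload))
    if methods & CLIENT_METHODS and len(methods) >= 2:
        return "miner"
    return "suspicious" if methods else "clean"


# Constructed sample payloads (not captured from a real pool or miner).
HANDSHAKE = (b'{"id":1,"method":"mining.subscribe","params":["example-miner/1.0"]}\n'
             b'{"id":2,"method":"mining.authorize","params":["worker1","x"]}\n')
NOTIFY = b'{"id":null,"method":"mining.set_difficulty","params":[1024]}\n'
HTTP = b"GET /mining.subscribe HTTP/1.1\r\nHost: example.test\r\n\r\n"
PARTIAL = b'{"id":4,"method":"mining.submit","par'

if __name__ == "__main__":
    for name, data in [("handshake", HANDSHAKE), ("notify", NOTIFY),
                       ("http", HTTP), ("partial", PARTIAL)]:
        print(name, classify(data), stratum_methods(data))
```

Matching on parsed method fields rather than raw substrings keeps the HTTP sample, which merely contains the string `mining.subscribe` in a URL, from triggering. Stratum carried over TLS is not visible to this kind of payload inspection.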