Detects audio capture via PowerShell Cmdlet.
Detects an attacker collecting audio via the SoundRecorder application.
Detects attempts to record audio with the arecord utility.
Detects attempts to discover files with the setuid/setgid capability on them. That would allow an adversary to escalate their privileges.
Potential adversaries accessing the microphone and webcam on an endpoint.
Detects processes accessing the camera and microphone from a suspicious folder.