Attempt to execute a command on a remote host using PsExec.exe

Synopsis

Activation Period	14 Days
Training Period	30 Days
Test Period	N/A (single event)
Deduplication Period	1 Day
Required Data	Requires: XDR Agent
Detection Modules
ATT&CK Tactic	Lateral Movement (TA0008) Execution (TA0002)
ATT&CK Technique	Remote Services: SMB/Windows Admin Shares (T1021.002) System Services: Service Execution (T1569.002)
Severity	Low

There was an attempt to run a command on a remote host using PsExec.exe.

Execute commands and run processes remotely.

Confirm that the connection is benign and occurred as a part of normal behavior.

ATT&CK Tactic

ATT&CK Technique

Severity

Low

There was an attempt to run a command on a remote host using PsExec.exe., the connection to the remote host was successful.

Execute commands and run processes remotely.

Confirm that the connection is benign and occurred as a part of normal behavior.