Synopsis
Activation Period |
14 Days |
Training Period |
30 Days |
Test Period |
N/A (single event) |
Deduplication Period |
1 Day |
Required Data |
|
Detection Modules |
|
Detector Tags |
|
ATT&CK Tactic |
|
ATT&CK Technique |
|
Severity |
Informational |
Description
Attackers may use WMI to execute commands on the target host.
Attacker's Goals
Execute commands on the victim host.
Investigative actions
Correlate the RPC call from the source host and understand which process initiated it.