Synopsis
Activation Period | 14 Days
Training Period | 30 Days
Test Period | 1 Hour
Deduplication Period | 30 Days
Required Data |
Detection Modules | Identity Analytics
Detector Tags |
ATT&CK Tactic |
ATT&CK Technique |
Severity | Informational
Description
Multiple unusual processes were executed in the organization. This may be indicative of a compromised account.
Attacker's Goals
Unusual processes may be executed for various purposes, including exfiltration, lateral movement, etc.
Investigative actions
Investigate the processes that were executed to determine if they were used for legitimate purposes or malicious activity.