Synopsis
Activation Period | 14 Days
Training Period | 30 Days
Test Period | 10 Minutes
Deduplication Period | 1 Day
Required Data |
Detection Modules |
Detector Tags |
ATT&CK Tactic |
ATT&CK Technique |
Severity | Informational
Description
A user executed an unusual number of sudo commands in a short time period.
This may indicate an attempt to guess the sudo password.
Attacker's Goals
The attacker may gain full privileges to the host.
Investigative actions
Verify which user ran these commands and whether this is legitimate behavior on this host.
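To support the investigative action above, the following added example (not the product's own detection logic) counts sudo records per user and host in a sliding window and reports who ran what, including logged failed password attempts. The 10-minute window and 1-day deduplication come from the synopsis; the threshold of 5, the log line shape, and the sample records are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

TEST_PERIOD = timedelta(minutes=10)  # "Test Period" from the synopsis
DEDUP_PERIOD = timedelta(days=1)     # "Deduplication Period" from the synopsis
THRESHOLD = 5                        # assumed; the page gives no threshold

# Assumed log shape: ISO timestamp, host, then sudo's standard syslog message.
SUDO_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sudo:\s+(?P<user>\S+) : "
    r"(?:(?P<fails>\d+) incorrect password attempts? ; )?.*?COMMAND=(?P<cmd>.*)$")

def parse(line):
    m = SUDO_RE.match(line)
    if not m:
        return None  # not a sudo command record
    return (datetime.fromisoformat(m["ts"]), m["host"], m["user"],
            int(m["fails"] or 0), m["cmd"])

def detect(lines, threshold=THRESHOLD):
    windows, last_alert, alerts = defaultdict(deque), {}, []
    for ev in sorted(e for e in map(parse, lines) if e):
        ts, host, user, _, _ = ev
        key, win = (host, user), windows[(host, user)]
        win.append(ev)
        while ts - win[0][0] > TEST_PERIOD:  # slide the 10-minute window
            win.popleft()
        if len(win) < threshold:
            continue
        if key in last_alert and ts - last_alert[key] < DEDUP_PERIOD:
            continue  # already alerted for this user/host within a day
        last_alert[key] = ts
        alerts.append({"host": host, "user": user, "time": ts, "count": len(win),
                       "failed_auth": sum(e[3] for e in win),
                       "commands": [e[4] for e in win]})
    return alerts

def _line(ts, user, cmd, fails=0):  # builds one constructed sample record
    note = f"{fails} incorrect password attempts ; " if fails else ""
    return (f"2024-03-03T{ts} web01 sudo:   {user} : {note}"
            f"TTY=pts/0 ; PWD=/home/{user} ; USER=root ; COMMAND={cmd}")

# Constructed sample data, not real logs.
SAMPLE = (
    [_line(f"10:0{i}:00", "alice", "/usr/bin/id", 3 if i < 2 else 0) for i in range(6)]
    + [_line(f"12:0{i}:00", "alice", "/usr/bin/id") for i in range(5)]
    + [_line("10:01:00", "bob", "/usr/bin/apt update"),
       _line("11:30:00", "bob", "/usr/bin/systemctl status ssh")])

if __name__ == "__main__":
    for a in detect(SAMPLE):
        print(a["time"], a["host"], a["user"], a["count"], a["failed_auth"])
```

A fixed threshold stands in here for the per-user baseline that a 30-day training period implies; in practice the threshold would be derived from each user's normal sudo rate on that host.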