Synopsis
| Activation Period | 14 Days |
| Training Period | 30 Days |
| Test Period | N/A (single event) |
| Deduplication Period | 30 Days |
| Required Data | |
| Detection Modules | Identity Analytics |
| Detector Tags | |
| ATT&CK Tactic | |
| ATT&CK Technique | |
| Severity | Informational |
Description
A user executed an unusual process. This may indicate a compromised account.
Attacker's Goals
Unusual processes may be executed for various purposes, such as exfiltration or lateral movement.
Investigative actions
Investigate the process that was executed to determine if it was used for legitimate purposes or malicious activity.