Rare signature signed executable executed in the network

Cortex XDR Analytics Alert Reference by Alert name

Product: Cortex XDR
Last date published: 2024-06-04
Category: Analytics Alert Reference
Order: Alert name

Synopsis

Activation Period: 14 Days
Training Period: 30 Days
Test Period: N/A (single event)
Deduplication Period: 30 Days
Required Data:
  • Requires:
    • XDR Agent
Detection Modules:
ATT&CK Tactic: Defense Evasion (TA0005)
ATT&CK Technique: Subvert Trust Controls: Code Signing (T1553.002)
Severity: Informational

Description

Attackers may use executables signed by lesser-known vendors to bypass security features.

Attacker's Goals

Adversaries may use signed binaries to bypass security features.

Investigative actions

Check whether this is legitimate software that a legitimate user installed intentionally.
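
One way to express the rarity logic this alert describes, as an added example that is not Cortex XDR's own detection code. The event tuple layout, the vendor names and the RARE_MAX_HOSTS threshold are assumptions; the 30-day training and deduplication windows are the values listed in the synopsis.

```python
from collections import defaultdict
from datetime import datetime, timedelta

TRAINING = timedelta(days=30)  # Training Period listed on the page
DEDUP = timedelta(days=30)     # Deduplication Period listed on the page
RARE_MAX_HOSTS = 2             # assumption: the page gives no rarity threshold

def d(day):
    # Constructed timestamps: day offset from an arbitrary start date
    return datetime(2024, 1, 1) + timedelta(days=day)

# Constructed process-execution events: (time, host, image, signature status, signer)
EVENTS = [(d(i), f"ws-{i % 6:02d}", "C:\\Program Files\\App\\app.exe", "signed",
           "Example Common Vendor Corp") for i in range(45)]
EVENTS += [
    (d(10), "ws-02", "C:\\Tools\\early.exe", "signed", "Example Early Vendor"),  # still training
    (d(35), "ws-04", "C:\\Users\\a\\Downloads\\x.exe", "unsigned", None),        # out of scope
    (d(36), "ws-07", "C:\\Users\\b\\AppData\\util.exe", "signed", "Example Tiny Tools LLC"),
    (d(40), "ws-07", "C:\\Users\\b\\AppData\\util.exe", "signed", "example tiny tools llc"),
]

def rare_signer_alerts(events, rare_max_hosts=RARE_MAX_HOSTS):
    """Alert on signed executions whose signer ran on few hosts in the trailing window."""
    events = sorted(events, key=lambda e: e[0])
    if not events:
        return []
    trained_at = events[0][0] + TRAINING
    sightings = defaultdict(list)   # normalized signer -> [(time, host)]
    last_alert, alerts = {}, []
    for ts, host, image, status, signer in events:
        if status != "signed" or not signer:
            continue                # this alert concerns signed binaries only
        key = " ".join(signer.lower().split())
        sightings[key] = [(t, h) for t, h in sightings[key] if ts - t <= TRAINING]
        sightings[key].append((ts, host))
        hosts = {h for _, h in sightings[key]}
        if ts < trained_at or len(hosts) > rare_max_hosts:
            continue                # baseline not ready, or signer is common
        if key in last_alert and ts - last_alert[key] < DEDUP:
            continue                # same signer already alerted within the dedup period
        last_alert[key] = ts
        alerts.append({"time": ts, "host": host, "image": image,
                       "signer": signer, "hosts_seen": sorted(hosts)})
    return alerts

if __name__ == "__main__":
    for a in rare_signer_alerts(EVENTS):
        print(a["time"].date(), a["host"], a["signer"], a["image"])
```

Each alert carries the host, image path and signer, which are the facts needed for the investigative action above.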