Synopsis
Activation Period | 14 Days
Training Period | 30 Days
Test Period | N/A (single event)
Deduplication Period | 1 Day
Required Data |
Detection Modules |
Detector Tags |
ATT&CK Tactic |
ATT&CK Technique |
Severity | Low
Response playbooks |
Description
A rare, unsigned process was executed by a scheduled task.
Attacker's Goals
Attackers may attempt to gain persistence on the endpoint using scheduled tasks.
Investigative actions
- Review the process executed by the scheduled task.
- Investigate the specific scheduled task execution chain.
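One way to carry out the first investigative action on the affected endpoint, as an added example that is not part of the original page or the vendor's tooling: it lists every scheduled-task action whose binary lacks a valid Authenticode signature, together with its hash, run level and last run time. It uses built-in Windows cmdlets only; the helper name Resolve-TaskBinary is an illustrative choice.

```powershell
# Added triage example: scheduled-task actions whose binary is not validly signed.
# Run in an elevated PowerShell session on the endpoint named in the alert.

function Resolve-TaskBinary {   # hypothetical helper name
    param([string]$Execute)
    # Task actions may be quoted and may contain %ENV% variables.
    $path = [Environment]::ExpandEnvironmentVariables($Execute.Trim('"'))
    if (Test-Path -LiteralPath $path -PathType Leaf) {
        return (Get-Item -LiteralPath $path).FullName
    }
    # Bare names such as "cmd.exe" are resolved through PATH.
    $cmd = Get-Command -Name $path -CommandType Application -ErrorAction SilentlyContinue |
        Select-Object -First 1
    if ($cmd) { return $cmd.Path }
    return $null
}

$findings = foreach ($task in Get-ScheduledTask) {
    $info = $task | Get-ScheduledTaskInfo -ErrorAction SilentlyContinue
    foreach ($action in $task.Actions) {
        if (-not $action.Execute) { continue }   # skip COM-handler actions
        $binary = Resolve-TaskBinary -Execute $action.Execute
        if ($binary) {
            $status = (Get-AuthenticodeSignature -LiteralPath $binary).Status
            $hash   = (Get-FileHash -LiteralPath $binary -Algorithm SHA256).Hash
        } else {
            # The task points at a file that no longer exists or cannot be resolved.
            $status = 'BinaryNotFound'
            $hash   = $null
        }
        if ($status -eq 'Valid') { continue }    # keep only unsigned or badly signed binaries
        [pscustomobject]@{
            Task        = $task.TaskPath + $task.TaskName
            RunAs       = $task.Principal.UserId
            RunLevel    = $task.Principal.RunLevel   # Highest = elevated execution
            Execute     = $action.Execute
            Arguments   = $action.Arguments
            Signature   = $status
            SHA256      = $hash
            LastRunTime = $info.LastRunTime
        }
    }
}

$findings | Sort-Object LastRunTime -Descending | Format-List
```

Match the Execute path and SHA256 against the process named in the alert, then compare LastRunTime with the alert timestamp to identify the task that launched it.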
Variations
Uncommon unsigned process execution by scheduled task
Rare unsigned process execution with high integrity level by scheduled task
Rare unsigned process execution by scheduled task on a sensitive server