Synopsis
| Activation Period | 14 Days |
| Training Period | 30 Days |
| Test Period | N/A (single event) |
| Deduplication Period | 6 Hours |
| Required Data | |
| Detection Modules | |
| Detector Tags | |
| ATT&CK Tactic | |
| ATT&CK Technique | |
| Severity | Low |
Description
A scheduled task was created via file access from an unsigned process. This is uncommon and may indicate malicious activity.
Attacker's Goals
Attackers may attempt to gain persistence on the endpoint using scheduled tasks.
Investigative actions
- Review the process executed by the scheduled task.
- Investigate the specific scheduled task execution chain.
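To support the first investigative action, the following added example (not part of the original alert documentation) parses a Task Scheduler definition file, which Windows stores as XML under `%SystemRoot%\System32\Tasks`, and extracts what the task runs, as whom, and on which triggers. The sample XML, the `updater.exe` path and the function name `summarize_task` are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# XML namespace used by Windows Task Scheduler definition files.
NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}

# Constructed sample task definition (not from a real incident).
SAMPLE_TASK_XML = r"""<Task version="1.2"
      xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <RegistrationInfo><Author>EXAMPLE\user</Author></RegistrationInfo>
  <Triggers><LogonTrigger><Enabled>true</Enabled></LogonTrigger></Triggers>
  <Principals>
    <Principal id="Author">
      <UserId>S-1-5-18</UserId>
      <RunLevel>HighestAvailable</RunLevel>
    </Principal>
  </Principals>
  <Actions Context="Author">
    <Exec>
      <Command>C:\Users\Public\updater.exe</Command>
      <Arguments>/silent</Arguments>
    </Exec>
  </Actions>
</Task>"""


def summarize_task(xml_data):
    """Return the fields an analyst reviews first in a task definition.

    xml_data may be str or bytes; pass the raw bytes of an on-disk task
    file so the parser can honour its encoding (often UTF-16).
    """
    root = ET.fromstring(xml_data)
    actions = []
    for node in root.findall("t:Actions/*", NS):
        kind = node.tag.split("}", 1)[-1]  # Exec, ComHandler, ...
        entry = {"type": kind}
        if kind == "Exec":
            entry["command"] = node.findtext("t:Command", "", NS).strip()
            entry["arguments"] = node.findtext("t:Arguments", "", NS).strip()
        actions.append(entry)
    triggers = [c.tag.split("}", 1)[-1] for c in root.findall("t:Triggers/*", NS)]
    return {
        "author": root.findtext("t:RegistrationInfo/t:Author", None, NS),
        "run_as": root.findtext("t:Principals/t:Principal/t:UserId", None, NS),
        "run_level": root.findtext("t:Principals/t:Principal/t:RunLevel", None, NS),
        "triggers": triggers,
        "actions": actions,
    }
```

The extracted command path is the starting point for the second action: check that binary's signer, creation time and parent process in the endpoint telemetry.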