Synopsis
| Activation Period | 14 Days |
| Training Period | 30 Days |
| Test Period | N/A (single event) |
| Deduplication Period | 1 Hour |
| Required Data | |
| Detection Modules | |
| Detector Tags | |
| ATT&CK Tactic | |
| ATT&CK Technique | |
| Severity | Informational |
Description
Ping is often used by malware and attackers to delay the execution of suspicious commands in sandbox environments.
Attacker's Goals
Use ping as an easy way to wait between executions, in an attempt to evade detection.
Investigative actions
- Validate if the executing process is malicious.
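
To support the validation step above, the following added example (not part of the original page and not the detector's own logic) parses a process command line and reports the traits that make a ping invocation look like a delay rather than a connectivity check. The heuristics (loopback target, discarded output, count above the Windows default of 4, a chained follow-on command), the `analyze` function and the sample command lines are assumptions constructed for illustration.

```python
import re

# Assumed triage heuristics for illustration; not the detector's own logic.
CHAIN = re.compile(r"\s*(?:&&|\|\||(?<!>)&|;)\s*")   # shell command separators
REDIR = re.compile(r"(?:(?<=\s)\d)?>+\s*&?\S+")      # any output redirection
DISCARD = re.compile(r">\s*(?:nul|/dev/null)\b", re.I)
PING = re.compile(r"(?:.*[\\/])?ping(?:\.exe)?", re.I)
LOOPBACK = re.compile(r"127(?:\.\d+){3}|localhost|::1", re.I)
COUNT_FLAGS = {"-n", "/n", "-c"}                     # echo count (Windows / Unix)
VALUE_FLAGS = COUNT_FLAGS | {"-w", "/w", "-i"}       # flags that take a value
DEFAULT_COUNT = 4                                    # Windows default echo count


def analyze(cmdline):
    """Return one finding per ping invocation found in a shell command line."""
    findings = []
    parts = CHAIN.split(cmdline)
    for idx, part in enumerate(parts):
        tokens = REDIR.sub(" ", part).split()
        start = next((k for k, t in enumerate(tokens) if PING.fullmatch(t)), None)
        if start is None:
            continue
        count, target, i = None, None, start + 1
        while i < len(tokens):
            tok = tokens[i].lower()
            if tok in VALUE_FLAGS and i + 1 < len(tokens):
                if tok in COUNT_FLAGS and tokens[i + 1].isdigit():
                    count = int(tokens[i + 1])
                i += 2
                continue
            if not tok.startswith(("-", "/")):
                target = tokens[i]
            i += 1
        reasons = []
        if target and LOOPBACK.fullmatch(target):
            reasons.append("loopback target")
        if DISCARD.search(part):
            reasons.append("output discarded")
        if count and count > DEFAULT_COUNT:
            reasons.append(f"count={count}")
        nxt = parts[idx + 1].strip() if idx + 1 < len(parts) else ""
        if nxt:
            reasons.append(f"followed by: {nxt}")
        findings.append({"target": target, "count": count, "reasons": reasons,
                         "delay_like": len(reasons) >= 2})
    return findings


# Constructed sample command lines, not taken from real telemetry.
SAMPLES = [
    r"cmd.exe /c ping -n 30 127.0.0.1 >nul 2>&1 & C:\Users\Public\next.cmd",
    "ping -c 20 localhost > /dev/null; ./next.sh",
    "ping example.com",
]
```

A finding with `delay_like` set is a prompt to examine the parent process and the follow-on command, not a verdict on its own.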