Synopsis
Activation Period |
14 Days |
Training Period |
30 Days |
Test Period |
N/A (single event) |
Deduplication Period |
1 Day |
Required Data |
|
Detection Modules |
|
Detector Tags |
Kubernetes - AGENT, Containers |
ATT&CK Tactic |
|
ATT&CK Technique |
|
Severity |
Low |
Description
The sshpass command was executed, This could be an attempt to check for credential stuffing.
Attacker's Goals
Attackers may try to check and reuse credentials on the host.
Investigative actions
Check whether the executing process is benign, and if this was a desired behavior as part of its normal execution flow.