Synopsis
Activation Period | 14 Days
Training Period | 30 Days
Test Period | N/A (single event)
Deduplication Period | 1 Hour
Required Data |
Detection Modules |
Detector Tags |
ATT&CK Tactic |
ATT&CK Technique |
Severity | Low
Description
The route.exe command is used to display and modify entries in the local IP routing table. Adversaries may attempt to use the command to discover remote systems they could compromise.
Attacker's Goals
Attackers can attempt to use the command to discover remote systems they could compromise.
Investigative actions
Check whether the command line executed is benign or normal for the host and/or user performing it (e.g. an IT script).
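The check above can be scripted during triage. The following is an added example, not the product's detection logic: it flags route.exe executions that are new for a host and user and suppresses repeats inside the deduplication period. The event tuple layout, the baseline rule (a host/user pair counts as normal if it ran route.exe during the 30 days before detection starts) and the sample events are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

TRAINING = timedelta(days=30)  # Training Period from the synopsis
DEDUP = timedelta(hours=1)     # Deduplication Period from the synopsis

# Constructed sample process events: (ISO timestamp, host, user, command line)
EVENTS = [
    ("2024-01-05T10:00:00", "ws-01", "jdoe", "route.exe print"),  # older than training window
    ("2024-03-01T09:00:00", "ws-01", "svc_it", "route.exe print"),
    ("2024-03-20T09:00:00", "ws-01", "svc_it", "route.exe print"),
    ("2024-03-20T14:05:00", "ws-01", "jdoe", r"C:\Windows\System32\ROUTE.EXE print -4"),
    ("2024-03-20T14:20:00", "ws-01", "jdoe", "route print"),
    ("2024-03-20T16:00:00", "ws-01", "jdoe", "route.exe print"),
    ("2024-03-20T16:30:00", "ws-02", "jdoe", "ipconfig /all"),
]

def is_route(cmdline):
    """True when the executable (first token) is route or route.exe, any path or case."""
    tokens = cmdline.split()
    if not tokens:
        return False
    exe = tokens[0].strip('"').replace("/", "\\").rsplit("\\", 1)[-1].lower()
    return exe in ("route", "route.exe")

def triage(events, detect_from):
    """Return route.exe runs on or after detect_from that are new for their (host, user)."""
    start = datetime.fromisoformat(detect_from)
    parsed = sorted((datetime.fromisoformat(ts), h, u, c)
                    for ts, h, u, c in events if is_route(c))
    # Baseline (assumed rule): pairs that ran route.exe during the training window.
    baseline = {(h, u) for t, h, u, _ in parsed if start - TRAINING <= t < start}
    alerts, last_alert = [], {}
    for t, host, user, cmd in parsed:
        key = (host, user)
        if t < start or key in baseline:
            continue  # training data, or normal for this host and user
        if key in last_alert and t - last_alert[key] < DEDUP:
            continue  # repeat inside the deduplication period
        last_alert[key] = t
        alerts.append((t.isoformat(), host, user, cmd))
    return alerts

if __name__ == "__main__":
    for alert in triage(EVENTS, "2024-03-20T00:00:00"):
        print(alert)
```

On the sample data, the IT service account's runs are treated as normal, while the user whose only earlier run falls outside the training window is reported twice, because the second report is more than one hour after the first.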