Synopsis
Activation Period | 14 Days
Training Period | 30 Days
Test Period | N/A (single event)
Deduplication Period | 1 Day
Required Data |
Detection Modules |
Detector Tags | Process Anomaly Analytics
ATT&CK Tactic |
ATT&CK Technique |
Severity | Informational
Description
Windows CGO, actor and action processes with anomalous characteristics.
Attacker's Goals
- Anomalous process characteristics that commonly appear in malicious activities.
Investigative actions
- Investigate the executed process image and check if it is malicious.
- Investigate the CGO and actor processes that executed the process and check if they are malicious.
Variations
- Windows CGO, actor and action processes with anomalous characteristics by an untrusted CGO
- Windows CGO, actor and action processes with highly anomalous characteristics