Adding execution privileges

Cortex XSIAM Analytics Alert Reference by Alert name
Product
Cortex XSIAM
Last date published
2026-03-01
Category
Analytics Alert Reference
Index by
Alert name

Synopsis

Activation Period

14 Days

Training Period

30 Days

Test Period

N/A (single event)

Deduplication Period

1 Day

Required Data

  • Requires:
    • XDR Agent

Detection Modules

Detector Tags

Kubernetes - AGENT, Containers

ATT&CK Tactic

Execution (TA0002)

ATT&CK Technique

Command and Scripting Interpreter: Unix Shell (T1059.004)

Severity

Informational

Description

A script was granted execution privileges using chmod before being run.

Attacker's Goals

Attackers may use chmod to grant execution privileges to scripts or binaries for malicious execution.

Investigative actions

  • Verify that this activity is not part of normal IT operations.
  • Check for similar commands executed on other hosts.

Variations

Adding execution privileges in a Kubernetes pod

Synopsis

ATT&CK Tactic

Execution (TA0002)

ATT&CK Technique

Command and Scripting Interpreter: Unix Shell (T1059.004)

Severity

Informational

Description

A script was granted execution privileges using chmod before being run.

Attacker's Goals

Attackers may use chmod to grant execution privileges to scripts or binaries for malicious execution.

Investigative actions

  • Verify that this activity is not part of normal IT operations.
  • Check for similar commands executed on other hosts.