LetsDefend Monitoring Alert

A Service was installed by an unauthorized user

May, 23, 2023, 10:13 PM

Event ID: 151

Event Time: May, 23, 2023, 10:13 PM

Rule Name: SOC200 - A Service was installed by an unauthorized user

Alert Type: LOLBin

MITRE Technique:
T1566 - Initial Access - Phishing
T1543.002 - Privilege Escalation - Create or Modify System Process: Systemd Service
T1110 - Credential Access - Brute Force
T1543 - Persistence - Create or Modify System Process

Severity: High

Incident Responder
