LetsDefend Monitoring Alert
A Service was installed by an unauthorized user
May, 23, 2023, 10:13 PM
Event ID: 151
Event Time: May, 23, 2023, 10:13 PM
Rule Name: SOC200 - A Service was installed by an unauthorized user
Alert Type: LOLBin
MITRE Technique:
T1566 - Initial Access - Phishing,
T1543.002 - Privilege Escalation - Create or Modify System Process: Systemd Service,
T1110 - Credential Access - Brute Force,
T1543 - Persistence - Create or Modify System Process
Severity: High
Incident Responder