LetsDefend Monitoring Alert
Anomalous File OPS
Jun, 13, 2023, 06:49 AM
Event ID: 158
Event Time: Jun, 13, 2023, 06:49 AM
Rule Name: SOC207 - Anomalous File OPS
Alert Type: Data Leakage
MITRE Technique:
T1566 - Initial Access - Phishing,
T1059 - Execution - Command and Scripting Interpreter,
T1119 - Collection - Automated Collection,
T1027 - Defense Evasion - Obfuscated Files or Information,
T1083 - Discovery - File and Directory Discovery,
T1567 - Exfiltration - Exfiltration Over Web Service,
T1560 - Collection - Archive Collected Data,
T1005 - Collection - Data from Local System
Severity: High
Incident Responder