LetsDefend Monitoring Alert

Anomalous File OPS

Jun, 13, 2023, 06:49 AM

Event ID: 158

Event Time: Jun, 13, 2023, 06:49 AM

Rule Name: SOC207 - Anomalous File OPS

Alert Type: Data Leakage

MITRE Technique:
T1566 - Initial Access - Phishing,
T1059 - Execution - Command and Scripting Interpreter,
T1119 - Collection - Automated Collection,
T1027 - Defense Evasion - Obfuscated Files or Information,
T1083 - Discovery - File and Directory Discovery,
T1567 - Exfiltration - Exfiltration Over Web Service,
T1560 - Collection - Archive Collected Data,
T1005 - Collection - Data from Local System

Severity: High

Incident Responder
