LetsDefend Monitoring Alert
Attempt to Steal Credentials from the Bash History
Sep, 29, 2023, 09:26 AM
Event ID: 188
Event Time: Sep, 29, 2023, 09:26 AM
Rule Name: SOC226 - Attempt to Steal Credentials from the Bash History
Alert Type: Unauthorized Access
MITRE Technique:
T1078 - Initial Access - Valid Accounts
T1552.003 - Credential Access - Unsecured Credentials: Bash History
Severity: High
Incident Responder