LetsDefend Monitoring Alert
"Guest" User was Enabled
May, 26, 2023, 07:03 AM
Event ID: 152
Event Time: May, 26, 2023, 07:03 AM
Rule Name: SOC201 - "Guest" User was Enabled
Alert Type: Malware
MITRE Technique:
T1078 - Persistence - Valid Accounts,
T1078 - Privilege Escalation - Valid Accounts,
T1204.002 - Execution - User Execution: Malicious File,
T1566.001 - Initial Access - Phishing: Spearphishing Attachment,
Severity: Medium
Incident Responder