LetsDefend Monitoring Alert

Security Software Discovery Detected

Jun, 04, 2024, 07:04 AM

Event ID: 264

Event Time: Jun, 04, 2024, 07:04 AM

Rule Name: SOC288 - Security Software Discovery Detected

Alert Type: Unauthorized Access

MITRE Technique:
T1059.001 - Execution - Command and Scripting Interpreter: PowerShell,
T1078 - Initial Access - Valid Accounts,
T1110 - Credential Access - Brute Force,
T1133 - Initial Access - External Remote Services,
T1087 - Discovery - Account Discovery,
T1057 - Discovery - Process Discovery,
T1083 - Discovery - File and Directory Discovery,
T1049 - Discovery - System Network Connections Discovery,
T1518 - Discovery - Software Discovery,
T1069 - Discovery - Permission Groups Discovery

Severity: Medium

Incident Responder
