LetsDefend Monitoring Alert

Service Configuration File Changed by Non Admin User

Sep, 04, 2021, 02:30 PM

Event ID: 102

Event Time: Sep, 04, 2021, 02:30 PM

Rule Name: SOC154 - Service Configuration File Changed by Non Admin User

Alert Type: Generic

MITRE Technique: T1543.002 - Privilege Escalation - Create or Modify System Process: Systemd Service

Severity: High

Incident Responder
