LetsDefend Monitoring Alert

Sudoedit Execution Attempt Detected (CVE-2023-22809)

Oct, 19, 2023, 10:00 AM

Event ID: 192

Event Time: Oct, 19, 2023, 10:00 AM

Rule Name: SOC230 - Sudoedit Execution Attempt Detected (CVE-2023-22809)

Alert Type: Unauthorized Access

MITRE Technique:
T1059 - Execution - Command and Scripting Interpreter,
T1133 - Initial Access - External Remote Services,
T1078 - Initial Access - Valid Accounts,
T1136 - Persistence - Create Account,
T1068 - Privilege Escalation - Exploitation for Privilege Escalation

Severity: High

Incident Responder
