LetsDefend Monitoring Alert
Suspicious Powershell Script Executed
Jul, 26, 2023, 02:13 PM
Event ID: 171
Event Time: Jul, 26, 2023, 02:13 PM
Rule Name: SOC153 - Suspicious Powershell Script Executed
Alert Type: Data Leakage
MITRE Technique:
T1059.001 - Execution - Command and Scripting Interpreter: PowerShell,
T1110 - Credential Access - Brute Force,
T1133 - Initial Access - External Remote Services,
T1567 - Exfiltration - Exfiltration Over Web Service,
T1005 - Collection - Data from Local System,
T1132 - Command and Control - Data Encoding,
Severity: Medium
Incident Responder