LetsDefend Monitoring Alert

Suspicious Powershell Script Executed

Jul, 26, 2023, 02:13 PM

Event ID: 171

Event Time: Jul, 26, 2023, 02:13 PM

Rule Name: SOC153 - Suspicious Powershell Script Executed

Alert Type: Data Leakage

MITRE Technique:
T1059.001 - Execution - Command and Scripting Interpreter: PowerShell,
T1110 - Credential Access - Brute Force,
T1133 - Initial Access - External Remote Services,
T1567 - Exfiltration - Exfiltration Over Web Service,
T1005 - Collection - Data from Local System,
T1132 - Command and Control - Data Encoding

Severity: Medium

Incident Responder
