LetsDefend Monitoring Alert

Suspicious Powershell Script Executed

Mar, 14, 2024, 05:23 PM

Event ID: 238

Event Time: Mar, 14, 2024, 05:23 PM

Rule Name: SOC153 - Suspicious Powershell Script Executed

Alert Type: Malware

MITRE Technique:
T1059.001 - Execution - Command and Scripting Interpreter: PowerShell
T1071 - Command and Control - Application Layer Protocol
T1204.002 - Execution - User Execution: Malicious File
T1189 - Initial Access - Drive-by Compromise

Severity: Medium

Security Analyst
