LetsDefend Monitoring Alert
Unauthorized Root Access
Aug, 30, 2021, 10:11 AM
Event ID: 99
Event Time: Aug, 30, 2021, 10:11 AM
Rule Name: SOC151 - Unauthorized Root Access
Alert Type: Unauthorized Access
MITRE Technique:
T1566 - Initial Access - Phishing
T1059.004 - Execution - Unix Shell
T1053.003 - Persistence - Scheduled Task/Job: Cron
Severity: High
Incident Responder