LetsDefend Monitoring Alert
Unnormal Code/Command Execution
Sep, 24, 2021, 02:07 PM
Event ID: 105
Event Time: Sep, 24, 2021, 02:07 PM
Rule Name: SOC156 - Unnormal Code/Command Execution
Alert Type: Unauthorized Access
MITRE Technique:
T1112 - Defense Evasion - Modify Registry,
T1595 - Discovery - Active Scanning,
T1078 - Initial Access - Valid Accounts,
T1204 - Execution - User Execution,
T1110 - Credential Access - Brute Force,
T1197 - Persistence - BITS Job,
T1053 - Persistence - Scheduled Task/Job
Severity: High
Incident Responder