Tag
medium
advisory
GenAI Process Connection to Unusual Domain on macOS
2 rules 1 TTPThis rule detects GenAI tools on macOS connecting to unusual domains, potentially indicating command and control activity, data exfiltration, or malicious payload retrieval following compromise via prompt injection, malicious MCP servers, or poisoned plugins.
Copilot +22
genai
command and control
macos
network connection
2r
1t
low
advisory
Suspicious Command Prompt Network Connection
2 rules 4 TTPsThis alert identifies suspicious network connections initiated by the command prompt (cmd.exe) when executed with arguments indicative of script execution, remote resource access, or originating from Microsoft Office applications, which is a common tactic for downloading payloads or establishing command and control.
Elastic Defend +7
command-prompt
network-connection
windows
execution
command-and-control
2r
4t