low
advisory
User Detected with Suspicious Windows Process(es)
2 rules, 2 TTPs
A machine learning job combination has identified a user with one or more suspicious Windows processes exhibiting unusually high malicious probability scores, potentially involving LOLBins for defense evasion.
Elastic Defend +3
Domain: Endpoint
OS: Windows
Use Case: Living off the Land Attack Detection
Rule Type: ML
Rule Type: Machine Learning
Tactic: Defense Evasion
Resources: Investigation Guide
defense-evasion
low
advisory
Host Detected with Suspicious Windows Process(es)
2 rules, 2 TTPs
A machine learning job combination has identified a host with one or more suspicious Windows processes that exhibit unusually high malicious probability scores, indicating potential masquerading tactics for defense evasion.
Elastic Defend +1
Use Case: Living off the Land Attack Detection
Rule Type: ML
Rule Type: Machine Learning
Tactic: Defense Evasion
Resources: Investigation Guide
defense-evasion
windows