Vendor
medium
advisory
First Time Seen Remote Monitoring and Management Tool Execution
3 rulesDetects the execution of previously unseen remote monitoring and management (RMM) tools or remote access software on compromised Windows endpoints, often leveraged for command-and-control, persistence, and execution of malicious commands.
Elastic Defend +101
remote-access
rmm
command-and-control
persistence
3r
medium
advisory
Detection of Windows RMM Tool Execution
3 rules 1 TTPDetects process creation events indicative of remote management tools, potentially signifying legitimate use or malicious exploitation by threat actors abusing RMM software.
AnyDesk +28
rmm
remote-access
sysmon
3r
1t