Vendor
low
advisory
Windows Scheduled Task Creation for Persistence
3 rules 1 TTPAdversaries may create scheduled tasks on Windows systems to establish persistence, move laterally, or escalate privileges, and this detection identifies such activity by monitoring Windows event logs for scheduled task creation events, excluding known benign tasks and those created by system accounts.
OneDrive +5
persistence
scheduled-task
windows
3r
1t
medium
advisory
Detecting Suspicious Scheduled Task Creation in Windows
2 rules 1 TTPThis rule detects the creation of scheduled tasks in Windows using event logs, which adversaries may use for persistence, lateral movement, or privilege escalation by creating malicious tasks.
Windows Security Event Logs +8
persistence
scheduled_task
windows
2r
1t