Vendor
medium
advisory
Remote Execution via File Shares
2 rules 2 TTPsThis rule identifies the execution of a file that was created by the virtual system process, potentially indicating lateral movement via network file shares in Windows environments.
lateral-movement
file-share
windows
2r
2t
medium
advisory
Remote Execution via File Shares
2 rules 2 TTPsThe rule identifies the execution of a file created by the virtual system process, potentially indicating lateral movement via network file shares, by detecting a sequence of file creation/modification followed by process execution, excluding trusted vendors.
Elastic Defend
lateral-movement
file-shares
windows
2r
2t