Vendor
medium
advisory
First Time Seen Remote Monitoring and Management Tool Execution
3 rulesDetects the execution of previously unseen remote monitoring and management (RMM) tools or remote access software on compromised Windows endpoints, often leveraged for command-and-control, persistence, and execution of malicious commands.
Elastic Defend +101
remote-access
rmm
command-and-control
persistence
3r
medium
advisory
Suspicious DNS Queries to RMM Domains from Non-Browser Processes
2 rulesDetection of DNS queries to remote monitoring and management (RMM) domains from non-browser processes indicating potential misuse of legitimate remote access tools for command and control.
Elastic Endpoint +1
command-and-control
remote-access
windows
2r