Anomalous New Process

Description

Alerts when an anomalous number of hosts are detected with a new process.


Use Case

Advanced Threat Detection

Category

Endpoint Compromise, Unauthorized Software

Alert Volume

Alerts when an anomalous number of hosts are detected with a new process.

SPL Difficulty

Advanced

Journey

Stage 3

MITRE ATT&CK Tactics

Execution

MITRE ATT&CK Techniques

Service Execution
Execution

MITRE Threat Groups

APT32
APT39
APT41
Blue Mockingbird
FIN6
Honeybee
Ke3chang
Silence
Wizard Spider

Data Sources

Endpoint Detection and Response