Anomalous New Service

Description

Alerts when an anomalous number of hosts are detected with a new service.

Use Case

Advanced Threat Detection

Category

Endpoint Compromise, Unauthorized Software, Privilege Escalation

Alert Volume

Alerts when an anomalous number of hosts are detected with a new service.

SPL Difficulty

Advanced

Journey

Stage 3

MITRE ATT&CK Tactics

Privilege Escalation
Persistence

MITRE ATT&CK Techniques

New Service

Windows Service

MITRE Threat Groups

APT19
APT3
APT32
APT41
Blue Mockingbird
Carbanak
Cobalt Group
DarkVishnya
FIN7
Honeybee
Ke3chang
Kimsuky
Lazarus Group
PROMETHIUM
Threat Group-3390
Tropic Trooper
Wizard Spider

Data Sources

Endpoint Detection and Response