Blacklisted Application

Description

Triggered when a blacklisted application is executed on an endpoint or server. Blacklisted applications are pre-defined in UBA and updated on a regular basis.

Content Mapping

This content is not mapped to any local saved search.


Use Case

Advanced Threat Detection, Security Monitoring

Category

Endpoint Compromise, Operations, Threat Intelligence, Unauthorized Software

Alert Volume

Low

Journey

Stage 4

MITRE ATT&CK Tactics

Execution

MITRE ATT&CK Techniques

Execution

Data Sources

Windows Security
Endpoint Detection and Response