Create Service In Suspicious File Path


Description

This detection identifies the creation of a "user mode service" whose service file path is in a folder not commonly used for services on Windows.

Help

To successfully implement this search, you need to be ingesting logs with the Service Name, Service File Name, Service Start Type, and Service Type from your endpoints.
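The check described above, sketched in Python as an added example (not this detection's own search). It goes beyond a plain prefix match by handling quoted paths, arguments, environment-variable prefixes and `..` traversal. The list of common folders, the alias table, the event key names and the sample events are assumptions constructed for illustration.

```python
import ntpath
import re

# Assumption: folders treated as "common" service locations; tune per environment.
COMMON_DIRS = (r"c:\windows", r"c:\program files", r"c:\program files (x86)",
               r"c:\programdata")
# Assumption: variables and NT prefixes resolve to the default install locations.
ALIASES = {"%systemroot%": r"c:\windows", "%windir%": r"c:\windows",
           "\\systemroot": r"c:\windows", "\\??\\": "",
           "%programfiles%": r"c:\program files", "%programdata%": r"c:\programdata",
           "%programfiles(x86)%": r"c:\program files (x86)"}

def image_path(service_file_name):
    """Return the normalized, lower-cased executable path without arguments."""
    s = service_file_name.strip()
    if s.startswith('"'):                      # quoted path, arguments follow
        s = s[1:].split('"', 1)[0]
    else:                                      # unquoted: cut after the extension
        m = re.match(r"(.+?\.(?:exe|sys|dll|bat|cmd))(?:\s|$)", s, re.I)
        s = m.group(1) if m else s.split(" ", 1)[0]
    low = s.lower().replace("/", "\\")
    for alias, real in ALIASES.items():
        if low.startswith(alias):
            low = real + low[len(alias):]
            break
    return ntpath.normpath(low)                # collapses "..\" traversal

def is_suspicious(event):
    """True for a user mode service whose binary is outside COMMON_DIRS."""
    path = image_path(event["Service_File_Name"])
    outside = not any(path.startswith(d + "\\") for d in COMMON_DIRS)
    return event["Service_Type"].lower() == "user mode service" and outside

def suspicious_services(events):
    return [e["Service_Name"] for e in events if is_suspicious(e)]

# Constructed sample events; key names are assumed from the fields listed above.
SAMPLE_EVENTS = [
    {"Service_Name": "UpdaterSvc", "Service_Type": "user mode service",
     "Service_File_Name": r'"C:\Program Files\Vendor\updater.exe" --service'},
    {"Service_Name": "tmpsvc", "Service_Type": "user mode service",
     "Service_File_Name": r"C:\Users\Public\tmpsvc.exe"},
    {"Service_Name": "helper", "Service_Type": "user mode service",
     "Service_File_Name": r"%SystemRoot%\..\Temp\helper.exe -k"},
    {"Service_Name": "drv", "Service_Type": "kernel mode driver",
     "Service_File_Name": r"\SystemRoot\System32\drivers\drv.sys"},
]

if __name__ == "__main__":
    print(suspicious_services(SAMPLE_EVENTS))
```

Normalizing before comparing matters: the `helper` sample starts with `%SystemRoot%` but resolves to a folder outside it, so a naive prefix match on the raw string would miss it.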
