Detect Processes Used For System Network Configuration Discovery

Description

This search looks for the rapid execution of processes used for system network configuration discovery on an endpoint.


Detect Processes Used For System Network Configuration Discovery Help

You must be ingesting data that records registry activity from your hosts to populate the Endpoint data model in the processes node. This is typically populated via an endpoint detection-and-response product, such as Carbon Black, or via endpoint data sources, such as Sysmon. The data used for this search is usually generated from logs that report reads and writes to the registry, or from Windows event logs after process tracking has been enabled in your Windows audit settings.
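The detection idea described above, sketched in Python over process-creation events. This is an added example, not the search shipped with this detection. The process watch list, the 5-minute window, the threshold of 4 launches and the event field names (`host`, `user`, `time`, `process`) are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed watch list: built-in Windows tools that read network configuration.
DISCOVERY_PROCESSES = {"ipconfig.exe", "netsh.exe", "arp.exe",
                       "route.exe", "nslookup.exe", "netstat.exe"}
WINDOW = timedelta(minutes=5)  # assumed correlation window
THRESHOLD = 4                  # assumed launches per window that count as "rapid"

def _ev(host, user, ts, process):
    return {"host": host, "user": user,
            "time": datetime.fromisoformat(ts), "process": process}

# Constructed sample events: WS01 shows a burst, WS02 shows spread-out admin use.
SAMPLE_EVENTS = [
    _ev("WS01", "alice", "2024-01-01T10:00:05", "C:\\Windows\\System32\\ipconfig.exe"),
    _ev("WS01", "alice", "2024-01-01T10:00:20", "ARP.EXE"),
    _ev("WS01", "alice", "2024-01-01T10:00:30", "notepad.exe"),
    _ev("WS01", "alice", "2024-01-01T10:00:41", "route.exe"),
    _ev("WS01", "alice", "2024-01-01T10:01:10", "netstat.exe"),
    _ev("WS02", "bob", "2024-01-01T09:00:00", "ipconfig.exe"),
    _ev("WS02", "bob", "2024-01-01T09:20:00", "nslookup.exe"),
    _ev("WS02", "bob", "2024-01-01T11:00:00", "ipconfig.exe"),
    _ev("WS02", "bob", "2024-01-01T13:00:00", "netsh.exe"),
]

def detect_bursts(events, window=WINDOW, threshold=THRESHOLD):
    """Return one finding per (host, user) whose watch-listed launches
    reach `threshold` inside a sliding `window`."""
    recent = defaultdict(deque)  # (host, user) -> launches still inside the window
    findings = {}
    for ev in sorted(events, key=lambda e: e["time"]):
        # Compare on the lower-cased file name so full paths and mixed case match.
        name = ev["process"].replace("/", "\\").rsplit("\\", 1)[-1].lower()
        if name not in DISCOVERY_PROCESSES:
            continue
        key = (ev["host"], ev["user"])
        q = recent[key]
        q.append((ev["time"], name))
        while ev["time"] - q[0][0] > window:  # expire launches older than the window
            q.popleft()
        if len(q) >= threshold and key not in findings:
            findings[key] = {"host": key[0], "user": key[1], "count": len(q),
                             "first": q[0][0], "last": ev["time"],
                             "processes": sorted({n for _, n in q})}
    return list(findings.values())

if __name__ == "__main__":
    for finding in detect_bursts(SAMPLE_EVENTS):
        print(finding)
```

Grouping by host and user keeps one administrator's occasional `ipconfig` from being merged with another account's activity on the same machine; tune the window and threshold against your own baseline.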
