Detect Processes Used For System Network Configuration Discovery

Description

This search looks for fast execution of processes used for system network configuration discovery on the endpoint.

Content Mapping


Use Case

Security Monitoring

Category

Malware

Alert Volume


SPL Difficulty

None

Journey

Stage 3

MITRE ATT&CK Tactics

Discovery

MITRE ATT&CK Techniques

System Network Configuration Discovery

MITRE Threat Groups

APT1
APT19
APT3
APT32
APT41
Darkhotel
Dragonfly 2.0
Frankenstein
Ke3chang
Lazarus Group
Magic Hound
MuddyWater
Naikon
OilRig
Sandworm Team
Soft Cell
Stealth Falcon
Threat Group-3390
Tropic Trooper
Turla
Wizard Spider
admin@338
menuPass

Kill Chain Phases

Installation
Command and Control
Actions On Objectives

Data Sources

Endpoint Detection and Response

Help

You must be ingesting data that records process activity from your hosts to populate the Endpoint data model in the Processes node. This is typically populated via endpoint detection-and-response products, such as Carbon Black, or endpoint data sources, such as Sysmon. The data used for this search is usually generated via logs that report process execution (for example, Sysmon Event ID 1) or via Windows Security event logs (Event ID 4688), after enabling process tracking in your Windows audit settings. Note that 4688 events only carry the full command line when "Include command line in process creation events" is also enabled; without it the search can still match on process name but will have no arguments to show in its results.
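The following is an added example, not the page's own SPL search and not code from Splunk: it shows the detection logic described above ("fast execution" of several discovery utilities on one host) run over constructed process-creation records of the shape Sysmon Event ID 1 or Windows 4688 produce once process tracking is enabled. The utility list, the 5-minute window, the threshold of four distinct utilities and the key=value sample format are all assumptions made for the example; a real deployment would tune them against the environment's admin tooling.

```python
"""Sliding-window detection of rapid system network configuration discovery.

Added example, not Splunk's search. Replays constructed process-creation
events and flags a (host, user) pair when an assumed number of distinct
discovery utilities execute within an assumed trailing window.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed: Windows utilities commonly used for network configuration discovery.
DISCOVERY_PROCESSES = {
    "ipconfig.exe", "arp.exe", "route.exe", "nbtstat.exe", "netsh.exe",
    "net.exe", "netstat.exe", "nltest.exe", "systeminfo.exe",
}
WINDOW_SECONDS = 300   # assumed detection window (5 minutes)
THRESHOLD = 4          # assumed number of distinct utilities in the window


def parse_event(line):
    """Parse one constructed 'key=value|key=value' process-creation record."""
    fields = dict(kv.split("=", 1) for kv in line.split("|"))
    return {
        "time": datetime.fromisoformat(fields["time"]),
        "host": fields["host"],
        "user": fields["user"],
        "process_name": fields["process_name"].lower(),
        "process": fields["process"],
    }


def detect(lines, window_seconds=WINDOW_SECONDS, threshold=THRESHOLD):
    """Return one alert per (host, user) whose trailing window hit the threshold.

    Events are sorted by time first. A deque per (host, user) holds the
    discovery events seen in the trailing window; events older than the
    window are dropped from the left. An alert fires once per key, the
    first time the number of distinct process names reaches the threshold.
    """
    window = timedelta(seconds=window_seconds)
    events = sorted((parse_event(l) for l in lines), key=lambda e: e["time"])
    recent = defaultdict(deque)
    alerts = {}
    for ev in events:
        if ev["process_name"] not in DISCOVERY_PROCESSES:
            continue   # not a discovery utility; ignore
        key = (ev["host"], ev["user"])
        q = recent[key]
        q.append(ev)
        while q and ev["time"] - q[0]["time"] > window:
            q.popleft()
        distinct = {e["process_name"] for e in q}
        if len(distinct) >= threshold and key not in alerts:
            alerts[key] = {
                "host": ev["host"],
                "user": ev["user"],
                "first_time": q[0]["time"],
                "last_time": ev["time"],
                "processes": sorted(distinct),
                "commands": [e["process"] for e in q],
            }
    return list(alerts.values())


# Constructed sample data: alice runs the same utilities spread over a
# working day (benign, should not alert); svc_backup on WS02 runs five of
# them within six seconds, with an unrelated process in between.
SAMPLE_EVENTS = [
    "time=2024-03-01T09:00:00|host=WS01|user=alice|process_name=ipconfig.exe|process=ipconfig /all",
    "time=2024-03-01T11:30:00|host=WS01|user=alice|process_name=arp.exe|process=arp -a",
    "time=2024-03-01T14:05:00|host=WS01|user=alice|process_name=route.exe|process=route print",
    "time=2024-03-01T16:40:00|host=WS01|user=alice|process_name=nbtstat.exe|process=nbtstat -n",
    "time=2024-03-01T10:00:01|host=WS02|user=svc_backup|process_name=ipconfig.exe|process=ipconfig /all",
    "time=2024-03-01T10:00:02|host=WS02|user=svc_backup|process_name=notepad.exe|process=notepad.exe",
    "time=2024-03-01T10:00:03|host=WS02|user=svc_backup|process_name=arp.exe|process=arp -a",
    "time=2024-03-01T10:00:04|host=WS02|user=svc_backup|process_name=route.exe|process=route print",
    "time=2024-03-01T10:00:05|host=WS02|user=svc_backup|process_name=nbtstat.exe|process=nbtstat -n",
    "time=2024-03-01T10:00:06|host=WS02|user=svc_backup|process_name=netsh.exe|process=netsh interface show interface",
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert["host"], alert["user"], alert["processes"], alert["commands"])
```

The alert carries the command lines seen in the window so an analyst can tell `ipconfig /all` from a mere process-name match; if the telemetry lacks command lines (4688 without command-line logging), the `process` field would be empty and only the process-name count remains.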
