Detect Processes Used For System Network Configuration Discovery
This search looks for fast execution of processes used for system network configuration discovery on the endpoint.
Detect Processes Used For System Network Configuration Discovery Help
You must be ingesting data that records registry activity from your hosts to populate the Endpoint data model in the processes node. This is typically populated via an endpoint detection-and-response product, such as Carbon Black, or via endpoint data sources, such as Sysmon. The data used for this search is usually generated via logs that report reads and writes to the registry, or is populated via Windows event logs after enabling process tracking in your Windows audit settings.