Detect Outlook exe writing a zip file

Description

This search looks for execution of the process `outlook.exe` where that process writes a `.zip` file to disk.
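An illustrative SPL search for this behaviour, added here as an example and not the detection's own search. It assumes Sysmon is onboarded into Splunk with the standard `XmlWinEventLog:Microsoft-Windows-Sysmon/Operational` sourcetype, and that the file-create event (Sysmon Event ID 11) carries the `Image`, `TargetFilename`, `ProcessId`, `User` and `Computer` fields; the index name `main` and the 24-hour window are placeholders to adjust for the local environment.

```spl
index=main sourcetype="XmlWinEventLog:Microsoft-Windows-Sysmon/Operational" EventCode=11 earliest=-24h
    Image="*\\outlook.exe" TargetFilename="*.zip"
| eval file_dir=replace(TargetFilename, "\\\\[^\\\\]+$", "")
| stats count
        min(_time) as firstTime
        max(_time) as lastTime
        values(TargetFilename) as zip_files
        dc(TargetFilename) as distinct_zips
        by Computer, User, Image, ProcessId, file_dir
| convert ctime(firstTime) ctime(lastTime)
| sort - count
```

Grouping by `file_dir` is the tuning hook: Outlook writes `.zip` attachments into its own temporary content folder whenever a user opens or previews one, so most hits will cluster in that directory and reflect ordinary attachment handling. Writes into unusual directories, or a burst of distinct archives from one process, are the rows worth triaging alongside the parent process and any subsequent execution from the archive's path.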


Use Case

Security Monitoring

Category

Endpoint Compromise

Alert Volume

SPL Difficulty

None

Journey

Stage 3

Data Sources

Anti-Virus or Anti-Malware
Application Data
Endpoint Detection and Response
Windows Security