High Process Count

Description

Alerts when a host has a high number of processes. This may be due to an infection or a runaway process.

Content Mapping

This content is not mapped to any local saved search.


Use Case

Advanced Threat Detection

Category

Endpoint Compromise

Alert Volume

Alerts when a host has a high number of processes. This may be due to an infection or a runaway process.

SPL Difficulty

Advanced

Journey

Stage 3

MITRE ATT&CK Tactics

Execution

MITRE ATT&CK Techniques

Service Execution

MITRE Threat Groups

APT32
APT39
APT41
Blue Mockingbird
FIN6
Honeybee
Ke3chang
Silence
Wizard Spider

Data Sources

Endpoint Detection and Response