Host With A Recurring Malware Infection

Description

Alerts when a host has an infection that has been removed and then re-infected multiple times over multiple days.

Use Case

Security Monitoring

Category

Endpoint Compromise

Alert Volume

Alerts when a host has an infection that has been removed and then re-infected multiple times over multiple days.

SPL Difficulty

Advanced

Journey

Stage 2

MITRE ATT&CK Tactics

Execution

MITRE ATT&CK Techniques

User Execution

Data Sources

Anti-Virus or Anti-Malware