Host With High Number Of Services

Description

Alerts when a host has a high number of services. This may indicate that the device is running services that are not necessary (such as a default installation of a server).

Use Case

Advanced Threat Detection, Security Monitoring

Category

Endpoint Compromise, Unauthorized Software, Lateral Movement

SPL Difficulty

Advanced

Journey

Stage 3

Data Sources

Endpoint Detection and Response