Prohibited Process Detected

Description

Alerts when a service in the prohibited process list is detected.

Use Case

Advanced Threat Detection, Security Monitoring

Category

Endpoint Compromise, Unauthorized Software

Alert Volume

Alerts when a service in the prohibited process list is detected.

SPL Difficulty

Medium

Journey

Stage 4

MITRE ATT&CK Tactics

Privilege Escalation
Persistence

MITRE ATT&CK Techniques

New Service

Windows Service

MITRE Threat Groups

APT19
APT3
APT32
APT41
Blue Mockingbird
Carbanak
Cobalt Group
DarkVishnya
FIN7
Honeybee
Ke3chang
Kimsuky
Lazarus Group
PROMETHIUM
Threat Group-3390
Tropic Trooper
Wizard Spider

Data Sources

Endpoint Detection and Response