Suspicious Lnk File Launching A Process
This search looks for a
`*.lnk file under
*\Local\Temp\* executing a process. This is common behavior used by various spear phishing tools.
This content is not mapped to any local saved search. Add mapping
Suspicious Lnk File Launching A Process Help
You must be ingesting data that records filesystem and process activity from your hosts to populate the Endpoint data model. This is typically populated via endpoint detection-and-response products, such as Carbon Black, or endpoint data sources, such as Sysmon.
Open in Search