Unusually Long Command Line

Description

Command lines that are extremely long may be indicative of malicious activity on your hosts.


Use Case

Advanced Threat Detection

Category

Endpoint Compromise

Alert Volume

Command lines that are extremely long may be indicative of malicious activity on your hosts.

SPL Difficulty

None

Journey

Stage 3

Kill Chain Phases

Actions On Objectives

Data Sources

Endpoint Detection and Response

Unusually Long Command Line Help

You must be ingesting endpoint data that tracks process activity, including parent-child relationships, from your endpoints to populate the Processes node of the Endpoint data model. The command-line arguments are mapped to the process field in the Endpoint data model.
