Potential SquiblyTwo Technique Execution
Detects potential SquiblyTwo attack technique with possible renamed WMIC via Imphash and OriginalFileName fields
Detects the execution of other scripts using the Node executable packaged with Adobe Creative Cloud
Suspicious Installer Package Child Process
Detects the execution of suspicious child processes from macOS installer package parent process. This includes osascript, JXA, curl and wget amongst other interpreters
File Was Not Allowed To Run
Detects files that were not allowed to run. AppLocker is a very useful tool, especially on servers where unprivileged users have access, for example terminal servers. You need to configure AppLocker and log collection to receive these events.