scrcons.exe Rare Child Process
The Cortex XDR – Analytics scrcons.exe Rare Child Process alert indicates that scrcons.exe spawned a child process, which may indicate remote code execution abuse by an attacker.
Traps endpoint data.
The Windows Management Instrumentation (WMI) standard event consumer scrcons.exe executed a rare VBScript or PowerShell script. Executing a rare script can be an indication of local or remote code execution abuse by an attacker.
wmiprvse.exe Rare Child Process
The Cortex XDR – Analytics wmiprvse.exe Rare Child Process alert indicates that a remote WMI command executed a binary proxy, wmiprvse.exe, which ...
wsmprovhost.exe Rare Child Process
The Cortex XDR – Analytics wsmprovhost.exe Rare Child Process alert indicates that a remote WMI command executed a binary proxy, wsmprovhost.exe, which ...
Possible Cortex XDR – Analytics Alerts
All possible Cortex XDR – Analytics alerts grouped by attack category. ...
Cortex XDR – Analytics Alert Reference
Cortex XDR – Analytics Alert reference includes symptoms of the alert, how the symptoms are detected, and what should be done about the alert. ...
Rare WinRM Session
The Rare WinRM Session alert indicates that a process performed a rare Windows Remote Management (WinRM) session to a remote endpoint and ...
Remote Command Execution
The Cortex XDR – Analytics Remote Command Execution alert indicates that an account is performing remote command execution from an endpoint that historically ...
Rare SMTP/S Session
The Rare SMTP/S Session alert indicates that a process performed a rare Simple Mail Transfer Protocol (SMTP/S) session to a remote endpoint ...
Rare SSH Session
The Rare SSH Session alert indicates that a process performed a rare Secure Shell (SSH) session using NT AUTHORITY\SYSTEM privileges to a ...
New Features May 2019
Feature: Mobile Endpoint Coverage through GlobalProtect and GlobalProtect Cloud Service. Description: The Cortex XDR™ – Analytics app can now detect threats ...