Possible Search For Password Files

The Possible Search For Password Files alert indicates a possible search for files that have passwords in them.

Synopsis

10 minutes
3 days
14 days
10 minutes
Cortex XDR agent endpoint data
Severity
Medium

Description

A process executed a command line that searches for files that store passwords. This is suspicious, as attackers often search for passwords in order to gain access to privileged accounts, and the same command line was seen on only a handful of endpoints in the last 14 days, if at all.
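The two conditions in this description (a command line that searches for password files, and rarity of that command line across endpoints in the last 14 days) can be sketched as follows. This is an added example, not Cortex XDR's detector or code from this page; the keyword patterns, the `MAX_ENDPOINTS` value, the function names and the sample events are all assumptions.

```python
import re
from datetime import datetime, timedelta

# Assumed heuristic (not the product's rule): a search utility plus a password keyword.
SEARCH_TOOL = re.compile(r"\b(findstr|grep|find|dir|select-string)\b", re.I)
PASSWORD_KW = re.compile(r"passw(or)?d", re.I)
WINDOW = timedelta(days=14)  # look-back period stated in the description
MAX_ENDPOINTS = 3            # assumed meaning of "a handful"; the page gives no number


def normalize(cmdline):
    """Lower-case and collapse whitespace so trivial variants share one baseline key."""
    return " ".join(cmdline.lower().split())


def is_password_search(cmdline):
    return bool(SEARCH_TOOL.search(cmdline) and PASSWORD_KW.search(cmdline))


def detect(history, current):
    """Return events in `current` that look like a password-file search and whose
    command line ran on at most MAX_ENDPOINTS other endpoints within WINDOW.
    Events are (timestamp, endpoint, command line) tuples."""
    alerts = []
    for ts, host, cmd in current:
        if not is_password_search(cmd):
            continue
        key = normalize(cmd)
        peers = {h for t, h, c in history
                 if h != host and timedelta(0) <= ts - t <= WINDOW and normalize(c) == key}
        if len(peers) <= MAX_ENDPOINTS:
            alerts.append((host, cmd))
    return alerts


# Constructed sample telemetry, for illustration only.
NOW = datetime(2024, 5, 20, 9, 0)
AUDIT = "grep -rl password_min_length /etc/security"   # routine job on many servers
RARE = "findstr /s /i password *.txt"
HISTORY = [(NOW - timedelta(days=1), f"srv-{i:02d}", AUDIT) for i in range(1, 6)]
HISTORY += [(NOW - timedelta(days=30), f"ws-{i:02d}", RARE) for i in range(1, 6)]  # too old
CURRENT = [
    (NOW, "srv-09", AUDIT),                           # common in the window: suppressed
    (NOW, "ws-17", "FINDSTR  /s /i password *.txt"),  # rare in the window: alert
    (NOW, "ws-17", "ping 10.0.0.1"),                  # not a search: ignored
]

if __name__ == "__main__":
    for host, cmd in detect(HISTORY, CURRENT):
        print(f"ALERT {host}: {cmd}")
```

The suppressed `srv-09` event shows why the rarity condition matters: a routine job that matches the keyword on many endpoints does not raise the alert, while the same pattern seen on a single workstation does.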

Attacker's Goals

Gain user-account credentials.

Investigative Actions

Check whether the executing process is benign and whether this behavior is an expected part of its normal execution flow.
