A process performed a rare
SMTP/S session to a remote endpoint and port. For additional context,
this alert identifies the full command used to start the session
and the total number of endpoints on which the command was run in
the last 14 days.
SMTP and its SSL-secured
variant SMTPS are used to send email. Attackers can use SMTP/S to
exfiltrate data from your network.