Remote Command Execution

The Remote Command Execution Analytics alert indicates that an account is performing remote command execution from an endpoint that historically does not perform that activity.

Synopsis

10 minutes
14 days
14 days
30 days
Traffic logs
Severity
Varies by activity (High, Medium, or Low).

Description

An account is performing remote command execution from an endpoint that historically does not perform that activity.

Attacker's Goals

The attacker is expanding their reach into your network by executing commands on a remote endpoint.

Investigative Actions

  • Examine the Alert Details Overview to identify the source endpoint, the process running the command execution, the process owner, and the execution destination.
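As an added illustration that is not part of this alert reference or of the product's own detection engine, the following script shows the baseline-versus-test comparison the description implies: pairs of (account, source endpoint) that performed remote execution during a training window form the baseline, and a pair first seen only in the test window raises one alert carrying the fields listed under Investigative Actions. The window lengths, field names, process names and sample events are assumptions constructed for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass(frozen=True)
class RemoteExecEvent:
    ts: datetime      # when the remote execution was observed
    account: str      # process owner / account performing the execution
    src_host: str     # source endpoint
    process: str      # process running the command execution
    dst_host: str     # execution destination

def build_baseline(events, train_start, train_end):
    """(account, src_host) pairs seen doing remote execution in the training
    window. Assumed baseline definition, not the product's actual model."""
    return {(e.account, e.src_host) for e in events
            if train_start <= e.ts < train_end}

def detect_new_remote_exec(events, baseline, test_start, test_end):
    """Alert on test-window events whose (account, src_host) pair has no
    history of remote execution; one alert per new pair (deduplicated)."""
    seen, alerts = set(), []
    for e in sorted(events, key=lambda e: e.ts):
        if not (test_start <= e.ts < test_end):
            continue
        key = (e.account, e.src_host)
        if key in baseline or key in seen:
            continue
        seen.add(key)
        alerts.append({"account": e.account, "source": e.src_host,
                       "process": e.process, "destination": e.dst_host,
                       "first_seen": e.ts})
    return alerts

# Constructed sample events (not real telemetry): an admin jump host that
# routinely runs remote commands, then a workstation that never has.
T0 = datetime(2024, 1, 1)
SAMPLE_EVENTS = [
    RemoteExecEvent(T0 + timedelta(days=d), "CORP\\svc_admin", "jump01",
                    "PsExec.exe", "srv%02d" % (d % 5)) for d in range(14)
] + [
    RemoteExecEvent(T0 + timedelta(days=14, hours=2), "CORP\\svc_admin",
                    "jump01", "PsExec.exe", "srv07"),    # in baseline: no alert
    RemoteExecEvent(T0 + timedelta(days=14, hours=3), "CORP\\jdoe",
                    "ws-finance-12", "wmic.exe", "dc01"),  # new pair: alert
    RemoteExecEvent(T0 + timedelta(days=14, hours=4), "CORP\\jdoe",
                    "ws-finance-12", "wmic.exe", "srv03"),  # same pair: deduped
]

def run_sample():
    baseline = build_baseline(SAMPLE_EVENTS, T0, T0 + timedelta(days=14))
    return detect_new_remote_exec(SAMPLE_EVENTS, baseline,
                                  T0 + timedelta(days=14), T0 + timedelta(days=15))
```

Running `run_sample()` returns a single alert for the finance workstation, which is the case an analyst would then triage using the source, process, owner and destination fields.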
