Analytics Alerts

Browse the Cortex analytics alert reference.

Severity
Detection module
Data source

1 alert match the current filters. tactic: TA0005 ✕ technique: T1053 ✕

Show ATT&CK heatmap
  • An unsigned process created scheduled task and performed an injection Medium 1 variation

    An unsigned process created scheduled task and performed an injection.

    Activation:
    14 Days
    Training:
    30 Days
    Test:
    4 Hours
    Deduplication:
    1 Day
    ATT&CK tactics: Persistence (TA0003) Defense Evasion (TA0005)
    ATT&CK techniques: Scheduled Task/Job: Scheduled Task (T1053.005) Process Injection (T1055)
    Required data: XDR Agent
    Detector tags: Scheduled tasks Analytics
    Attacker's goals: To ensure they have persistence on the system, the threat actor may use scheduled tasks to set persistence, Then, to avoid detection and carry out stealth execution, they may inject a malicious payload into a remote process.
    Investigative actions: Investigate the injection payload and the injection process. Check if the scheduled task trigger payload is malicious.

    Variations

    Possible an unsigned installer created scheduled task and performed an injection

    Low overridden

    Possible an unsigned installer created scheduled task and performed an injection. overridden