Analytics Alerts

Browse the Cortex analytics alert reference.

Severity
Detection module
Data source

1 alert match the current filters. technique: T1211 ✕

Show ATT&CK heatmap
  • Rare security product signed executable executed in the network Low

    Attackers may attempt to install a security product with a known vulnerability to bypass security features.

    Activation:
    14 Days
    Training:
    30 Days
    Test:
    N/A (single event)
    Deduplication:
    1 Day
    ATT&CK tactics: Defense Evasion (TA0005)
    ATT&CK techniques: Exploitation for Defense Evasion (T1211)
    Required data: XDR Agent
    Attacker's goals: Adversaries may exploit the application vulnerability to bypass security features.
    Investigative actions: Check if the security product was installed by a legitimate user and intentionally.