Analytics Alerts
Browse the Cortex analytics alert reference.
1 alert match the current filters. technique: T1211 ✕
Show ATT&CK heatmapRare security product signed executable executed in the network Low
Attackers may attempt to install a security product with a known vulnerability to bypass security features.
- Activation:
- 14 Days
- Training:
- 30 Days
- Test:
- N/A (single event)
- Deduplication:
- 1 Day
ATT&CK tactics: Defense Evasion (TA0005)ATT&CK techniques: Exploitation for Defense Evasion (T1211)Required data: XDR AgentAttacker's goals: Adversaries may exploit the application vulnerability to bypass security features.Investigative actions: Check if the security product was installed by a legitimate user and intentionally.