Suspicious Processes Spawned by WinRM (5cc2cda8-f261-4d88-a2de-e9e193c86716)
Detects suspicious processes including shells spawnd from WinRM host process
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Exploit Public-Facing Application - T1190 (3f886f2a-874f-4333-b794-aa6075009b1c) | Attack Pattern | Suspicious Processes Spawned by WinRM (5cc2cda8-f261-4d88-a2de-e9e193c86716) | Sigma-Rules | 1 |