Scheduled task created

This rule is part of a beta feature. To learn more, contact Support.

Classification:

attack

Tactic:

TA0003-persistence

Technique:

T1053-scheduled-task-or-job

Cette page n'est pas encore disponible en français, sa traduction est en cours.
Si vous avez des questions ou des retours sur notre projet de traduction actuel, n'hésitez pas à nous contacter.

Goal

Detect the creation of scheduled tasks.

Strategy

This rule generates a signal when a scheduled task is created. Threat actors often use scheduled tasks as a persistence mechanism.

Triage and response

  1. Identify what the scheduled task is executing and determine if it’s authorized.
  2. If it’s not authorized, isolate the host from the network.
  3. Follow your organization’s internal processes for investigating and remediating compromised systems.

Requires Agent version 7.50.0 or greater.

This rule is a part of the beta for detections on Windows! If you would like to try the new Windows agent, create a support ticket and indicate that you wish to join the Cloud Security Management - Windows beta.