Cisco Secure Endpoint malicious activity detected in system scan

This rule is part of a beta feature. To learn more, contact Support.

Goal

This rule detects and flags malicious detections reported by system scans that Cisco Secure Endpoint runs on a host.

Strategy

This rule monitors Cisco Secure Endpoint system scan events and triggers when a scan reports a malicious detection count (@event.scan.malicious_detections) greater than zero. Scans that complete with zero detections do not generate a signal.
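The rule condition is simple (malicious_detections > 0), but the count arrives inside nested event JSON and is not guaranteed to be a clean integer. The following is an added example, not code from the page or from Datadog or Cisco, that applies the same condition to constructed sample scan events and emits one triage record per match carrying the three attributes the triage steps reference (hostname, scan description, detection count). The event shape, hostnames and scan descriptions are assumptions for illustration; a count supplied as a string is still honoured, while an absent or unparseable count and non-JSON lines are treated as non-matches rather than allowed to fire the rule.

```python
import json
from typing import Any, Iterable

# Constructed sample events approximating the Cisco Secure Endpoint scan
# event shape this rule reads. Illustrative only, not captured telemetry.
SAMPLE_EVENTS = [
    json.dumps({"event": {"computer": {"hostname": "ws-014"},
                          "scan": {"description": "Scheduled full scan",
                                   "malicious_detections": 0}}}),
    json.dumps({"event": {"computer": {"hostname": "ws-027"},
                          "scan": {"description": "Scheduled full scan",
                                   "malicious_detections": 3}}}),
    json.dumps({"event": {"computer": {"hostname": "srv-db-02"},
                          "scan": {"description": "On-demand scan",
                                   "malicious_detections": "1"}}}),  # count as a string
    json.dumps({"event": {"computer": {"hostname": "ws-031"},
                          "scan": {"description": "Scheduled flash scan"}}}),  # no count field
    "not json at all",  # a stray non-event line in the stream
]


def _get(d: Any, path: str, default: Any = None) -> Any:
    """Walk a dotted path through nested dicts; return default if any hop is missing."""
    cur = d
    for key in path.split("."):
        if not isinstance(cur, dict) or key not in cur:
            return default
        cur = cur[key]
    return cur


def malicious_count(event: dict) -> int:
    """Return @event.scan.malicious_detections as an int. Absent or unparseable
    values become 0 so a malformed event cannot trigger the rule by accident."""
    raw = _get(event, "event.scan.malicious_detections", 0)
    try:
        return int(raw)
    except (TypeError, ValueError):
        return 0


def evaluate(lines: Iterable[str]) -> list[dict]:
    """Apply the rule condition (malicious_detections > 0) to raw JSON lines and
    return one triage record per matching scan event."""
    signals = []
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # not a scan event; skip rather than alert on garbage
        count = malicious_count(event)
        if count > 0:
            signals.append({
                "hostname": _get(event, "event.computer.hostname", "<unknown>"),
                "scan_description": _get(event, "event.scan.description", "<none>"),
                "malicious_detections": count,
            })
    return signals


if __name__ == "__main__":
    for s in evaluate(SAMPLE_EVENTS):
        print(f"{s['hostname']}: {s['malicious_detections']} detection(s) "
              f"in '{s['scan_description']}'")
```

Running the block against the constructed events yields two signals (ws-027 with 3 detections and srv-db-02 with 1); the zero-count scan, the scan with no count field and the non-JSON line produce nothing, which is the behaviour you want from a rule that fires only on a positive detection count.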

Triage and response

  1. Investigate the system scan on the affected host: {{@event.computer.hostname}}.
  2. Review the scan description ({{@event.scan.description}}) and the number of malicious detections ({{@event.scan.malicious_detections}}) to understand what the scan found.
  3. If the detections are confirmed to be a genuine threat, isolate the affected endpoint from the network.
  4. Remediate the host: remove the detected malware, update antivirus definitions, apply any missing security patches, and re-scan the endpoint to confirm it is clean.
  5. Take any further action required by your company's procedures.