- 필수 기능
- 시작하기
- Glossary
- 표준 속성
- Guides
- Agent
- 통합
- 개방형텔레메트리
- 개발자
- Administrator's Guide
- API
- Datadog Mobile App
- CoScreen
- Cloudcraft
- 앱 내
- 서비스 관리
- 인프라스트럭처
- 애플리케이션 성능
- APM
- Continuous Profiler
- 스팬 시각화
- 데이터 스트림 모니터링
- 데이터 작업 모니터링
- 디지털 경험
- 소프트웨어 제공
- 보안
- AI Observability
- 로그 관리
- 관리
Detect attempts to create an interactive shell from common web or application processes.
Many applications (for example, certain databases, web servers, and search engines) are hosted by binaries that run on the host. Attackers may take advantage of flaws in programs built with these applications (for example, SQL injection on a database running as a Java process).
This detection triggers when a process spawns common shell utilities, HTTP utilities, or shells with arguments that are known to be used to establish shells on the targeted asset. If this is unexpected behavior, it could indicate an attacker is attempting to compromise your host.
Requires Agent version 7.27 or later.