Detects when a suspicious remote named pipe is observed, which could indicate lateral movement or remote execution attempts by malicious actors.
This rule monitors Windows event logs where @evt.id is 5145 (A network share object was checked to see whether client can be granted desired access), grouping by @Event.System.Computer. The value that was observed was unusual, which made it suspicious.
Verify if the execution of the suspicious pipe on {{@@Event.System.Computer}} is expected. If the execution was not intended, isolate the system.
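
The matching logic described above can be tried offline against exported events. The following is an added example, not Datadog's rule definition: the baseline pipe list, the `Event.EventData.Data` field layout, the helper names, and the sample records are all assumptions constructed for illustration.

```python
from collections import defaultdict

# Assumption: pipe names considered normal in this environment; tune per site.
BASELINE_PIPES = {"srvsvc", "wkssvc", "lsarpc", "samr", "netlogon", "spoolss", "winreg"}

def _event(computer, event_id, share, target, ip):
    """Build one constructed log record (field layout under EventData is assumed)."""
    return {
        "evt": {"id": event_id},
        "Event": {
            "System": {"Computer": computer},
            "EventData": {"Data": {"ShareName": share,
                                   "RelativeTargetName": target,
                                   "IpAddress": ip}},
        },
    }

# Constructed sample records, not real telemetry.
SAMPLE_EVENTS = [
    _event("WS-01", "5145", r"\\*\IPC$", "srvsvc", "10.0.0.12"),
    _event("WS-01", "5145", r"\\*\IPC$", "constructed_pipe_7f3a", "10.0.0.25"),
    _event("WS-01", "5145", r"\\*\IPC$", "constructed_pipe_7f3a", "10.0.0.25"),
    _event("FS-02", "5145", r"\\*\Finance", "report.docx", "10.0.0.12"),
    _event("FS-02", "4624", "", "", "10.0.0.25"),
]

def unusual_remote_pipes(events, baseline=BASELINE_PIPES):
    """Group unusual IPC$ pipe accesses by computer: {computer: [(pipe, source_ip), ...]}."""
    hits = defaultdict(set)
    for ev in events:
        if str(ev.get("evt", {}).get("id")) != "5145":
            continue  # only "network share object was checked" events
        data = ev["Event"]["EventData"]["Data"]
        # Remote named pipes are opened through the IPC$ share; skip file shares.
        if not data.get("ShareName", "").upper().endswith("IPC$"):
            continue
        pipe = data.get("RelativeTargetName", "").lower()
        if pipe and pipe not in baseline:
            hits[ev["Event"]["System"]["Computer"]].add((pipe, data.get("IpAddress", "")))
    return {computer: sorted(found) for computer, found in hits.items()}

if __name__ == "__main__":
    for computer, found in unusual_remote_pipes(SAMPLE_EVENTS).items():
        print(computer, found)
```

The source address returned with each pipe name gives the triage step a starting point for deciding whether the access on that computer was expected.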