Shell process created by Java application

Goal

Detect common shell utilities, HTTP utilities, or shells spawned by a Java process.

Strategy

This detection monitors process executions and generates a signal when a process is spawned from Java. The severity of the signal is based on how closely the activity aligns with known malicious behavior.
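The following is an added illustration of the strategy above, run over constructed process-execution events; it is not the rule's actual query or Datadog's code. The binary lists, the severity tiers, and the choice to match any Java ancestor rather than only the direct parent are assumptions.

```python
import os

# Assumed groupings: the page names these categories but not their members.
SHELLS = {"sh", "bash", "dash", "zsh", "ksh"}
HTTP_UTILS = {"curl", "wget"}
SHELL_UTILS = {"whoami", "id", "uname", "nc", "base64"}
# Assumed severity tiers; the rule's real mapping is not given on the page.
SEVERITY = {"shell": "high", "http_utility": "medium", "shell_utility": "low"}

# Constructed exec events (pid, ppid, executable path), in execution order.
EVENTS = [
    {"pid": 100, "ppid": 1, "exe": "/usr/lib/jvm/jdk/bin/java"},
    {"pid": 200, "ppid": 100, "exe": "/bin/sh"},        # java -> sh
    {"pid": 201, "ppid": 200, "exe": "/usr/bin/curl"},  # java -> sh -> curl
    {"pid": 300, "ppid": 1, "exe": "/bin/bash"},        # operator's shell
    {"pid": 301, "ppid": 300, "exe": "/usr/bin/curl"},  # no Java in lineage
    {"pid": 302, "ppid": 300, "exe": "/usr/bin/java"},  # shell -> java: no signal
]

def classify(exe):
    """Map an executable path to one of the monitored categories, or None."""
    name = os.path.basename(exe)
    if name in SHELLS:
        return "shell"
    if name in HTTP_UTILS:
        return "http_utility"
    if name in SHELL_UTILS:
        return "shell_utility"
    return None

def java_ancestor(pid, procs):
    """Return the pid of the nearest ancestor whose binary is java, else None."""
    seen, ppid = set(), procs[pid]["ppid"]
    while ppid in procs and ppid not in seen:  # 'seen' stops pid-reuse cycles
        seen.add(ppid)
        if os.path.basename(procs[ppid]["exe"]) == "java":
            return ppid
        ppid = procs[ppid]["ppid"]
    return None

def detect(events):
    """Emit one signal per monitored binary that has Java in its lineage."""
    procs, signals = {}, []
    for ev in events:
        procs[ev["pid"]] = ev
        category = classify(ev["exe"])
        java_pid = java_ancestor(ev["pid"], procs) if category else None
        if java_pid is not None:
            signals.append({"pid": ev["pid"], "java_pid": java_pid,
                            "category": category, "severity": SEVERITY[category]})
    return signals
```

Walking the full ancestry catches the common `sh -c "<command>"` pattern, where the utility's direct parent is the shell and Java is one level further up.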

Requires Agent version 7.27 or later
