
  1. 5 votes

    Bill Sutphin commented

    Agree as to need for complete detail. Consider the following detection category:

    Identifies suspicious processes indirectly spawned by Microsoft Office applications. These descendant processes are often launched during exploitation. This alert may have more noise than the direct descendent rule (Suspicious MS Office Child Process). MITRE ATT&CK™ T1064 - Scripting, T1173 - Dynamic Data Exchange, T1192 - Spearphishing Link, T1193 - Spearphishing Attachment.
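The direct versus indirect distinction in the alert description quoted above, as an added example that is not part of the comment or of any vendor's rule. The Office image names, the watch list of "suspicious" images and the process events are assumptions constructed for illustration.

```python
# Added example. OFFICE and SUSPICIOUS are assumed lists, not a vendor's rule content.
OFFICE = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SUSPICIOUS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}

# Constructed process-creation events: (pid, parent pid, image name).
EVENTS = [
    (100, 1, "explorer.exe"),
    (200, 100, "WINWORD.EXE"),
    (210, 200, "cmd.exe"),         # direct child: left to the direct-child rule
    (220, 210, "powershell.exe"),  # grandchild of Word: indirect descendant
    (300, 100, "cmd.exe"),         # shell started by the user, no Office ancestor
    (310, 300, "powershell.exe"),
    (400, 100, "EXCEL.EXE"),
    (410, 400, "splwow64.exe"),
    (420, 410, "wscript.exe"),     # indirect, through a benign intermediate
]


def office_ancestor(pid, procs):
    """Return (office_image, depth) for the nearest Office ancestor, else None.

    depth 1 means the Office application is the direct parent.
    """
    seen = set()  # guards against loops caused by PID reuse in the event set
    depth = 0
    while pid in procs and pid not in seen:
        seen.add(pid)
        ppid, _ = procs[pid]
        depth += 1
        parent = procs.get(ppid)
        if parent is None:
            return None
        if parent[1] in OFFICE:
            return parent[1], depth
        pid = ppid
    return None


def indirect_office_descendants(events):
    """Flag watch-list processes whose nearest Office ancestor is not the parent."""
    procs = {pid: (ppid, image.lower()) for pid, ppid, image in events}
    alerts = []
    for pid, (_, image) in procs.items():
        if image not in SUSPICIOUS:
            continue
        hit = office_ancestor(pid, procs)
        if hit and hit[1] >= 2:
            alerts.append({"pid": pid, "image": image,
                           "office_ancestor": hit[0], "depth": hit[1]})
    return alerts
```

Including the ancestor image and depth in each alert is the kind of detail that lets an analyst see why the indirect rule fired when the direct-child rule did not.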