Bill Sutphin

My feedback

  1. 5 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Acrobat for Windows and Mac » Other  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    An error occurred while saving the comment
    Bill Sutphin commented  · 

    Agree as to need for complete detail. Consider the following detection category:

    Identifies suspicious processes indirectly spawned by Microsoft Office applications. These descendant processes are often launched during exploitation. This alert may have more noise than the direct descendent rule (Suspicious MS Office Child Process). MITRE ATT&CK™ T1064 - Scripting, T1173 - Dynamic Data Exchange, T1192 - Spearphishing Link, T1193 - Spearphishing Attachment.

Feedback and Knowledge Base