|
|
|||
| Rule General Information |
|---|
| Release Date: | 2024-05-28 | |
| Rule Name: | Suspicious Powershell Detection | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | SMB (Server Message Block) is a network protocol used for sharing files, printers, and serial ports on a computer network, and for providing communication between networked computers. This rule is used to detect suspicious attempts to invoke PowerShell via the SMB protocol. The rule may generate false positives, so it is necessary to use additional tools and log monitoring for comprehensive analysis when this rule is triggered. | |
| Impact: | An attacker could exploit this vulnerability to have unspecified effect. | |
| Affected OS: | Windows, Linux, Others | |
| Reference: | ||
| Solutions |
|---|
| Please contact the software vendor to update the software patch. |