CREATE_ANOTHER_PROCESS_Carbon Black_CB Defense

Alert

Create process detected (CREATE PROCESS)

SK4 unified event:
Connector/Service

Carbon Black/CB Defense

SK4 Version:

2.3.180

Created Date:

Tue Mar 12 2019 13:35:08 GMT+0000 (Coordinated Universal Time)

Last Update:

Tue Jun 18 2019 11:11:30 GMT+0000 (Coordinated Universal Time)

Category

Security Alert

Description

An unlisted process has been started by running an application.

Search query

cef_vendor="skyformation" cef_name="security-threat-detected" destinationServiceName="Carbon Black" act="run" fileType="application"

Parsed CEF
Unparsed raw data

Expand to see an example...

Audit sources