System_API_call_detected_Carbon Black_CB Defense

Alert

System API call detected (SYSTEM_API_CALL)

SK4 unified event:

Connector/Service

Carbon Black/CB Defense

SK4 Version:

2.3.180

Created Date:

Sun Mar 17 2019 09:55:50 GMT+0000 (Coordinated Universal Time)

Last Update:

Tue Jun 18 2019 11:11:28 GMT+0000 (Coordinated Universal Time)

Category

Security Alert

Description

The system's shell has been used to run a process.

Search query

cef_vendor="skyformation" cef_name="security-threat-detected" destinationServiceName="Carbon Black" act="run" fileType="process"


Audit sources