t1036.005
| Title | Tags |
|---|---|
| some administrator activity can be potentially triggered, please add those users to the filter macro. | t1003, t1036, t1036.005, t1595, endpoint, splunk |
| some security products seem to spawn these | t1036, t1036.003, t1036.005, windows, sigma |
| system components such as daemon-set-controller and kube-scheduler also create pods in the kube-system namespace | t1036, t1036.005, kubernetes, sigma |
| system processes copied outside their default folders for testing purposes | t1036, t1036.005, windows, sigma |
| third party software naming their software with the same names as the processes mentioned here | t1036, t1036.005, windows, sigma |
| unknown flash download locations | t1036, t1036.005, t1189, t1204, t1204.002, sigma |