T1053.006
| Title | Tags |
| --- | --- |
| Administrators or network operators can use this command line for automation purposes. Please update the filter macros to remove false positives. | t1053, t1053.002, t1053.003, T1053.006, t1098, T1098.004, t1546, t1546.004, endpoint, splunk |
| False positives may arise when administrators or network operators create files in systemd directories for legitimate automation tasks. Therefore, it's important to adjust filter macros to account for valid activities. To implement this search successfully, it's crucial to ingest appropriate logs, preferably using the Linux Sysmon Add-on from Splunkbase for those using Sysmon. | t1053, T1053.006, endpoint, splunk |