t1595
| Title | Tags |
| --- | --- |
| some administrator activity can be potentially triggered, please add those users to the filter macro. | t1003, t1036.005, t1595, endpoint, splunk |
| there is a potential for false positives if the container is used for legitimate tasks that require the use of network utilities, such as network troubleshooting, testing or system monitoring. it is important to investigate any alerts generated by this rule to determine if they are indicative of malicious activity or part of legitimate container activity. | t1046, t1105, t1595, _deprecated, elastic |