Techniques
Sample rules
Unusual Linux Process Calling the Metadata Service
- source: elastic
- technicques:
- T1552
Description
Looks for anomalous access to the metadata service by an unusual process. The metadata service may be targeted in order to harvest credentials or user data scripts containing secrets.
Detection logic
Unusual Windows Process Calling the Metadata Service
- source: elastic
- technicques:
- T1552
Description
Looks for anomalous access to the metadata service by an unusual process. The metadata service may be targeted in order to harvest credentials or user data scripts containing secrets.
Detection logic