Identifies instances of a base64-encoded PE file header seen in the process command line parameter. To use this analytics rule, make sure you have deployed the ASIM normalization parsers.

| Attribute | Value |
|---|---|
| Type | Analytic Rule |
| Solution | Standalone Content |
| ID | f8b3c49c-4087-499b-920f-0dcfaff0cbca |
| Severity | Medium |
| Kind | Scheduled |
| Tactics | Execution, DefenseEvasion |
| Techniques | T1059, T1027, T1140 |
| Source | View on GitHub |