Timestamp↓ | Agent | User | Process | Parent Process | Event ID | Rule ID | Severity |
|---|---|---|---|---|---|---|---|
| 1/15/2024, 2:40:55 PM | WIN-WORKSTATION-05 192.168.1.105 | user01 | C:\Users\user01\AppData\Local\Temp\malicious.exe | C:\Windows\System32\wscript.exe | 4688 | 18161 | High (9) |
| 1/15/2024, 2:38:09 PM | WIN-SERVER-03 192.168.1.52 | administrator | C:\Windows\System32\mstsc.exe | C:\Windows\explorer.exe | 4688 | 18158 | Medium (4) |
| 1/15/2024, 2:35:22 PM | WIN-WORKSTATION-07 192.168.1.107 | bob.johnson | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Windows\explorer.exe | 4688 | 18156 | Low (3) |
| 1/15/2024, 2:32:47 PM | WIN-SERVER-01 192.168.1.50 | guest | C:\Windows\System32\runas.exe | C:\Windows\System32\cmd.exe | 4688 | 18160 | High (8) |
| 1/15/2024, 2:30:15 PM | WIN-WORKSTATION-03 192.168.1.103 | jane.smith | C:\Windows\System32\net.exe | C:\Windows\System32\cmd.exe | 4688 | 18159 | Medium (5) |
| 1/15/2024, 2:27:33 PM | WIN-SERVER-02 192.168.1.51 | service_account | C:\Program Files\Application\app.exe | C:\Windows\System32\services.exe | 4688 | 18156 | Low (2) |
| 1/15/2024, 2:25:12 PM | WIN-WORKSTATION-05 192.168.1.105 | admin | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\System32\cmd.exe | 4688 | 18157 | High (7) |
| 1/15/2024, 2:24:35 PM | WIN-WORKSTATION-02 192.168.1.102 | 11 | 92110 | High (7) | |||
| 1/15/2024, 2:24:30 PM | WIN-WORKSTATION-02 192.168.1.102 | 1 | 92100 | Medium (6) | |||
| 1/15/2024, 2:23:45 PM | WIN-SERVER-01 192.168.1.50 | john.doe | C:\Windows\System32\cmd.exe | C:\Windows\explorer.exe | 4688 | 18156 | Low (3) |
Showing 1-10 of 10 alerts
Page 1 of 1