articles/defender-for-iot/device-builders/concept-agent-based-security-alerts.md
5 additions & 5 deletions
@@ -24,16 +24,16 @@ In this article, you'll find a list of built-in alerts, which can be triggered o
24
24
| Port forwarding detection | High | Defender-IoT-micro-agent | Initiation of port forwarding to an external IP address detected. | Review with the user that ran the command if this was legitimate activity that you expect to see on the device. If not, escalate the alert to the information security team. | IoT_PortForwarding |
25
25
| Possible attempt to disable Auditd logging detected | High | Defender-IoT-micro-agent | Linux Auditd system provides a way to track security-relevant information on the system. The system records as much information about the events that are happening on your system as possible. This information is crucial for mission-critical environments to determine who violated the security policy and the actions they performed. Disabling Auditd logging may prevent your ability to discover violations of security policies used on the system. | Check with the device owner if this was legitimate activity with business reasons. If not, this event may be hiding activity by malicious actors. Immediately escalated the incident to your information security team. | IoT_DisableAuditdLogging |
26
26
| Reverse shells | High | Defender-IoT-micro-agent | Analysis of host data on a device detected a potential reverse shell. Reverse shells are often used to get a compromised machine to call back into a machine controlled by a malicious actor. | Review with the user that ran the command if this was legitimate activity that you expect to see on the device. If not, escalate the alert to the information security team. | IoT_ReverseShell |
27
-
| Successful local login | High | Defender-IoT-micro-agent | Successful local sign-in to the device detected | Make sure the signed in user is an authorized party. | IoT_SucessfulLocalLogin |
27
+
| Successful local login | High | Defender-IoT-micro-agent | Successful local sign-in to the device detected.| Make sure the signed in user is an authorized party. | IoT_SucessfulLocalLogin |
28
28
| Web shell | High | Defender-IoT-micro-agent | Possible web shell detected. Malicious actors commonly upload a web shell to a compromised machine to gain persistence or for further exploitation. | Review with the user that ran the command if this was legitimate activity that you expect to see on the device. If not, escalate the alert to the information security team. | IoT_WebShell |
29
29
| Behavior similar to ransomware detected | High | Defender-IoT-micro-agent | Execution of files similar to known ransomware that may prevent users from accessing their system, or personal files, and may demand ransom payment to regain access. | Review with the user that ran the command if this was legitimate activity that you expect to see on the device. If not, escalate the alert to the information security team. | IoT_Ransomware |
30
30
| Crypto coin miner image | High | Defender-IoT-micro-agent | Execution of a process normally associated with digital currency mining detected. | Verify with the user that ran the command if this was legitimate activity on the device. If not, escalate the alert to the information security team. | IoT_CryptoMiner |
31
31
| New USB Connection | High | Defender-IoT-micro-agent | A USB device connection was detected. This may indicate malicious activity. | Confirm this is a legitimate expected activity on the host. If not, escalate the alert to your information security team. | IoT_USBConnection |
32
-
| USB Disconnection | High | Defender-IoT-micro-agent | A USB device disconnection was detected. This may indicate malicious activity | Confirm this is a legitimate expected activity on the host. If not, escalate the alert to your information security team. | IoT_UsbDisconnection |
32
+
| USB Disconnection | High | Defender-IoT-micro-agent | A USB device disconnection was detected. This may indicate malicious activity.| Confirm this is a legitimate expected activity on the host. If not, escalate the alert to your information security team. | IoT_UsbDisconnection |
33
33
| New Ethernet Connection | High | Defender-IoT-micro-agent | A new Ethernet connection was detected. This may indicate malicious activity. | Confirm this is a legitimate expected activity on the host. If not, escalate the alert to your information security team. | IoT_EthernetConnection |
34
-
| Ethernet Disconnection | High | Defender-IoT-micro-agent | A new Ethernet disconnection was detected. This may indicate malicious activity | Confirm this is a legitimate expected activity on the host. If not, escalate the alert to your information security team. | IoT_EthernetDisconnection |
35
-
| New File Created | High | Defender-IoT-micro-agent | A new file was detected. This may indicate malicious activity | Confirm this is a legitimate expected activity on the host. If not, escalate the alert to your information security team. | IoT_FileCreated |
36
-
| File Modified | High | Defender-IoT-micro-agent | File modification was detected. This may indicate malicious activity | Confirm this is a legitimate expected activity on the host. If not, escalate the alert to your information security team. | IoT_FileModified |
34
+
| Ethernet Disconnection | High | Defender-IoT-micro-agent | A new Ethernet disconnection was detected. This may indicate malicious activity.| Confirm this is a legitimate expected activity on the host. If not, escalate the alert to your information security team. | IoT_EthernetDisconnection |
35
+
| New File Created | High | Defender-IoT-micro-agent | A new file was detected. This may indicate malicious activity.| Confirm this is a legitimate expected activity on the host. If not, escalate the alert to your information security team. | IoT_FileCreated |
36
+
| File Modified | High | Defender-IoT-micro-agent | File modification was detected. This may indicate malicious activity.| Confirm this is a legitimate expected activity on the host. If not, escalate the alert to your information security team. | IoT_FileModified |
37
37
| File Deleted | High | Defender-IoT-micro-agent | File deletion was detected. This may indicate malicious activity. | Confirm this is a legitimate expected activity on the host. If not, escalate the alert to your information security team. | IoT_FileDeleted |
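Review bot: the five `+` rows add the missing full stop but drop the space before the closing `|` (`detected.|`, `activity.|`), while every unchanged row in this hunk keeps `. |`; suggest `This may indicate malicious activity. |` so the cell text and the column delimiter stay separated the same way across the table. Two smaller points in the same hunk: the alert name `IoT_SucessfulLocalLogin` is misspelled (`Sucessful`) in both the removed and the added row, so it is worth confirming against the identifier the micro-agent actually emits before changing it, since people filter on that value; and the `Ethernet Disconnection` description still reads `A new Ethernet disconnection was detected`, where `new` looks copied from the connection row and could be dropped.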