A large number of MITRE incidents are being generated
Article ID: 189619
Updated On:
Products
Endpoint Detection and Response
Issue/Introduction
There are a large number of MITRE incidents being generated with the bash.virus_name of SONAR.SuspCL!g1.
Cause
The BPE signature underlying SDS signature for SONAR.SuspCL!g1 is CL.Downloader!sr13 which is a telemetry silent signature.
Resolution
As a temporary workaround SEP released a SONAR definition set which removed the silent check.
Starting with SEDR 4.4, SEDR does not create events for these telemetry signatures.
Starting with SEDR 4.4, SEDR does not create events for these telemetry signatures.
Feedback
Yes
No
Powered by
