A large number of MITRE incidents are being generated
Article ID: 189619
Endpoint Detection and Response
A large number of MITRE incidents are being generated with a bash.virus_name of SONAR.SuspCL!g1.
The BPE signature underlying the SDS signature for SONAR.SuspCL!g1 is CL.Downloader!sr13, which is a silent, telemetry-only signature: it is intended to report data back rather than to raise an alert, so the incidents it generates are noise rather than confirmed detections.
As a temporary workaround, SEP released a SONAR definition set that removed the silent check.
Starting with SEDR 4.4, SEDR no longer creates events for these telemetry-only signatures, so upgrading resolves the issue permanently.