Security teams report the below alerts and want to know these are legitimate?
d:\\devtest10.6\\jre\\bin\\java\" -Dprogram.name=standalone.bat -Diam.keystore.password=${VAULT::IAM::IAM_KEYSTORE_PASSWORD::1} -DIAM_HOME=D:\\DevTest10.6\\IdentityAccessManager\\ -Diam.db.password=${VAULT::IAM::IAM_DB_PASSWORD::1} -Diam.vault.enc.iteration.count=120 -Diam.db.vendor=h2 -Diam.vault.keystore.password.masked=MASK-7DscHYCAzRJgjgpBba72IwRGfBaq4CFF70uETVutVDX -Diam.truststore.password=${VAULT::IAM::IAM_TRUSTSTORE_PASSWORD::1} -Diam.keystore=D:\\DevTest10.6\\IdentityAccessManager\\certs/webreckeys.ks -Diam.vault.keystore.salt=6zqH6N6p -Diam.truststore=D:\\DevTest10.6\\IdentityAccessManager\\certs/iam-truststore.ks -Diam.vault.enc.file.dir=D:\\DevTest10.6\\IdentityAccessManager\\vault/ -Diam.vault.keystore.alias=vault -Diam.vault.keystore.url=D:\\DevTest10.6\\IdentityAccessManager\\vault/vault.keystore -Diam.db.user=sa -Djboss.http.port=51112 -Djboss.https.port=51111 -Djboss.bind.address.management=0.0.0.0 -Djboss.bind.address=0.0.0.0 -Dkeycloak.migration.action=import -Dkeycloak.migration.provider=iam-updater -Dkeycloak.migration.dir=../realms-to-import -Dkeycloak.migration.strategy=IGNORE_EXISTING -Diam.version=1.3.2 -Djava.net.preferIPv4Stack=true -Djboss.modules.system.pkgs=org.jboss.byteman -Djava.awt.headless=true \"-Dorg.jboss.boot.log.file=D:\\DevTest10.6\\IdentityAccessManager\\standalone\\log\\server.log\" \"-Dlogging.configuration=file:D:\\DevTest10.6\\IdentityAccessManager\\standalone\\configuration/logging.properties\" -jar \"D:\\DevTest10.6\\
If the command is legitimate, what activity triggered the system to start alerting and why is it triggering so often
May be some changes happened on the Security scanner side which might be showing the alerts.
Release : 10.6
Component : CA Service Virtualization