Recommendations/Investigative actions
Identify the affected endpoint: Get the source and destination IP addresses and the device type from the alert. Find the site name, the subnet and the indicated business process. Once you have all the information needed, contact the POC site manager, verify whether it is a legitimate action, and close the event.
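The lookup step above can be scripted. This is an added example, not part of the original playbook: the alert field names (src_ip, dst_ip, device_type), the inventory layout and every value in it are constructed assumptions. It resolves each alert IP to the most specific matching subnet and leaves unmatched addresses visibly unresolved.

```python
import ipaddress

# Constructed site inventory (assumption, not from the playbook).
# A /24 nested inside a /16 exercises the most-specific-match rule.
SITE_INVENTORY = [
    {"subnet": "10.20.0.0/16", "site": "Plant-A",
     "process": "Manufacturing", "poc": "plant-a-manager@example.com"},
    {"subnet": "10.20.30.0/24", "site": "Plant-A Line 3",
     "process": "Packaging line control", "poc": "line3-manager@example.com"},
    {"subnet": "192.168.50.0/24", "site": "Warehouse-B",
     "process": "Inventory scanning", "poc": "warehouse-b-manager@example.com"},
]

# Constructed alert (assumption): field names are hypothetical.
SAMPLE_ALERT = {"src_ip": "10.20.30.15", "dst_ip": "203.0.113.7", "device_type": "PLC"}

UNRESOLVED = {"subnet": None, "site": None, "process": None, "poc": None}


def locate(ip, inventory=SITE_INVENTORY):
    """Return the entry for the most specific subnet containing ip, or None."""
    addr = ipaddress.ip_address(ip)  # raises ValueError on a malformed address
    matches = [e for e in inventory if addr in ipaddress.ip_network(e["subnet"])]
    return max(matches,
               key=lambda e: ipaddress.ip_network(e["subnet"]).prefixlen,
               default=None)


def triage_record(alert, inventory=SITE_INVENTORY):
    """Collect site, subnet, business process and POC for both alert endpoints."""
    record = {"device_type": alert.get("device_type", "unknown"),
              "endpoints": {}, "contacts": []}
    for role in ("src_ip", "dst_ip"):
        entry = locate(alert[role], inventory)
        record["endpoints"][role] = {"ip": alert[role], **(entry or UNRESOLVED)}
        # Each POC is listed once, even when both endpoints share a site.
        if entry and entry["poc"] not in record["contacts"]:
            record["contacts"].append(entry["poc"])
    return record


if __name__ == "__main__":
    import json
    print(json.dumps(triage_record(SAMPLE_ALERT), indent=2))
```

An endpoint whose site comes back as None is not covered by the inventory, so there is no POC on record to confirm it with.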