System event types based on Command Control technology

This section provides a description of a system event type associated with Command Control technology (see the table below).

System event type based on Command Control technology (CC)

| Code | Title of event type | Severity | Registration conditions |
|------|---------------------|----------|-------------------------|
| 4000002602 | $systemCommandShort | Determined by the importance level of the system command | A monitored system command was detected (and there is no enabled Interaction Control rule for the system command). |

The following variables are used in the title and description of an event type:

  • $systemCommandShort – brief description of the detected system command.
  • $systemCommandFull – detailed description of the detected system command.
  • $attackTechniques – list of possible techniques from the MITRE ATT&CK Knowledge Base that could be employed by cybercriminals for attacks using this system command.
