Kaspersky Industrial CyberSecurity for Networks

System event types based on Command Control technology

March 22, 2024

ID 187473

This section provides a description of a system event type associated with Command Control technology (see the table below).

System event type based on Command Control technology (CC)

| Code | Title of event type | Registration conditions |
|---|---|---|
| 4000002602 | $systemCommandShort | A monitored system command was detected (and there is no enabled Interaction Control rule for the system command). |

The following variables are used in the title and description of an event type:

  • $systemCommandShort – brief description of the detected system command.
  • $systemCommandFull – detailed description of the detected system command.
  • $attackTechniques – list of possible techniques from the MITRE ATT&CK Knowledge Base that could be employed by cybercriminals for attacks using this system command.
