Forum Discussion
Burst of multiple reconnaissance commands could indicate initial activity after compromise
All of a sudden we have started receiving alerts for "Burst of multiple reconnaissance commands could indicate initial activity after compromise [seen multiple times]" for all the subscriptions/tenan...
We started receiving these alerts as well. I believe this could be related to a recent update in the OMS agent, based on FIM observed file changes. Can anyone else confirm if theOMS agent on their Linux VMs involved in these alerts recently updated?
Thanks!
Yes Ricky, OMS agent is involved in these alerts.
