Endpoint Logs
(OBJ 4.9)
Endpoint Log example
![Endpoint log example](/CAP/Security+/Visual%20Aids/Pasted%20image%2020250725171813.png)
Exam questions may hide the detail column (it would make the answer too easy), so you have to reconstruct what happened from the description column and the order of the entries alone.
Description Examples:
- Web Browser Start
- File Download Initiated/Completed
- Antivirus Alert
- User override alert
- File Execution
- Stage 1 Dropper Executed
- A stage 1 dropper is malware, but it is not the malware that does the real damage. Its job is to reach out and download a larger program (the stage 2 payload) that contains the malicious code the attack actually needs.
- Outbound connection detected
- The connection goes to the location where the stage 2 dropper is hosted.
- File Download Initiated/Completed
- Antivirus Deactivated
- Turned off by the file that was just downloaded, so the stage 2 payload can run without being detected.
- Stage 2 Dropper Created
- New Process Created
- Unauthorized System Modification
- The change is logged and an admin is notified of the malicious process.
- Network Anomaly Detected
- Data is being sent back to the attacker, i.e. data exfiltration from your system.
- Security Breach Suspected
- Security controls raise an alert so analysts can go in and investigate the incident.
Endpoint logs tend to contain a lot of useful detail, so the full sequence above can usually be reconstructed from one host's log.
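The sequence of descriptions above is really a detection pattern: download, execute, call out, second download, antivirus off, new process, then post-compromise activity. The following is an added example (not part of these notes or any exam material) that correlates constructed endpoint log lines into that dropper chain using only the description column, the way you would have to on the exam when the detail column is hidden. The log format (`timestamp|host|user|process|description`), the host names, the process names and the 15-minute window are all assumptions made for the example.

```python
"""Correlate endpoint log descriptions into a two-stage dropper chain.

Added example: the log format, hosts, users and process names below are
constructed for illustration and are not taken from a real product.
"""
from datetime import datetime, timedelta

# Ordered descriptions that make up the dropper chain from the notes.
STAGE_CHAIN = [
    "File Download Completed",       # stage 1 dropper lands on disk
    "File Execution",                # stage 1 dropper runs
    "Outbound connection detected",  # dropper reaches out for stage 2
    "File Download Completed",       # stage 2 payload lands
    "Antivirus Deactivated",         # payload disables local defenses
    "New Process Created",           # stage 2 payload starts running
]

# Descriptions that confirm post-compromise activity once the chain is complete.
POST_COMPROMISE = {"Unauthorized System Modification", "Network Anomaly Detected"}

# Constructed sample log (hypothetical format: timestamp|host|user|process|description).
# WS-017 shows the full chain; WS-022 shows a benign-looking partial match.
SAMPLE_LOG = """\
2025-07-25 17:10:01|WS-017|jsmith|chrome.exe|Web Browser Start
2025-07-25 17:11:42|WS-017|jsmith|chrome.exe|File Download Initiated
2025-07-25 17:11:58|WS-017|jsmith|chrome.exe|File Download Completed
2025-07-25 17:12:05|WS-017|jsmith|invoice.pdf.exe|File Execution
2025-07-25 17:12:07|WS-017|jsmith|invoice.pdf.exe|Outbound connection detected
2025-07-25 17:12:20|WS-017|jsmith|invoice.pdf.exe|File Download Completed
2025-07-25 17:12:22|WS-017|SYSTEM|invoice.pdf.exe|Antivirus Deactivated
2025-07-25 17:12:30|WS-017|jsmith|svchost32.exe|New Process Created
2025-07-25 17:13:10|WS-017|SYSTEM|svchost32.exe|Unauthorized System Modification
2025-07-25 17:15:44|WS-017|jsmith|svchost32.exe|Network Anomaly Detected
2025-07-25 17:00:00|WS-022|alee|chrome.exe|Web Browser Start
2025-07-25 17:03:00|WS-022|alee|chrome.exe|File Download Completed
2025-07-25 17:03:30|WS-022|alee|setup.exe|File Execution
2025-07-25 17:03:35|WS-022|alee|setup.exe|Outbound connection detected
"""


def parse_log(text):
    """Parse pipe-delimited log lines into dicts, sorted by timestamp."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, host, user, proc, desc = line.split("|", 4)
        events.append({
            "time": datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"),
            "host": host, "user": user, "process": proc, "description": desc,
        })
    events.sort(key=lambda e: e["time"])
    return events


def detect_dropper_chain(events, window=timedelta(minutes=15)):
    """Walk each host's events in order and advance a pointer through STAGE_CHAIN.

    A chain that does not complete within `window` of its first event is
    abandoned and matching restarts, so a download from last week is not tied
    to an execution today. Returns {host: finding} for hosts with any match.
    """
    findings = {}
    for host in sorted({e["host"] for e in events}):
        stage, started, matched, extra = 0, None, [], []
        for e in (ev for ev in events if ev["host"] == host):
            incomplete = stage < len(STAGE_CHAIN)
            if started and incomplete and e["time"] - started > window:
                stage, started, matched, extra = 0, None, [], []  # too slow, start over
                incomplete = True
            if incomplete and e["description"] == STAGE_CHAIN[stage]:
                if stage == 0:
                    started = e["time"]
                matched.append((e["time"], e["process"], e["description"]))
                stage += 1
            elif not incomplete and e["description"] in POST_COMPROMISE:
                extra.append(e["description"])
        if stage:
            findings[host] = {
                "stages_matched": stage,
                "complete": stage == len(STAGE_CHAIN),
                "events": matched,
                "post_compromise": extra,
            }
    return findings


def verdict(finding):
    """Turn a finding into the alert text an analyst would see."""
    if finding["complete"]:
        return "Security Breach Suspected"
    if finding["stages_matched"] >= 3:
        return "Suspicious: partial dropper chain"
    return "Benign"


if __name__ == "__main__":
    for host, f in detect_dropper_chain(parse_log(SAMPLE_LOG)).items():
        print(host, verdict(f), f["stages_matched"], f["post_compromise"])
```

Note that WS-022 also shows download, execute and call out, which is exactly what a legitimate installer does; it is the second download followed by "Antivirus Deactivated" that turns the pattern from suspicious into a breach, so the verdict only escalates when those later stages are present.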