Hello Team, We are using Enterprise security in our environment and we have created correlation searches to trigger an alerts. Out of those there is one particular use case which is related to Process injection, We are receiving maximum number of incidents on this due to one Here I am not giving the name of the exe file due to security concerns: I will be using it as ___.exe Shellcode Injection activity detected. Process "___e.exe" has injected itself into ___.exe, ***.exe, +++.exe, ^^^.exe like this we are receiving many incidents. I have some doubts on this: 1. What is this Process injection and why the process are getting injected to others? , 2. How could we stop this to getting injected to others in Splunk (Or from Endgame), 3. We want to fine tune this use case, Is there any alternative to suppress these alerts from Endgame, 4. We have whitelisted some of these alerts with Source process path and Target process path, But still ___.exe still it getting triggered with new target paths. Its always injecting into some other targets. Can anyone please explain in clear cut, I am a rookie in cyber security. Not exactly getting many things. But out of those this is one which is hunting me. Thanking you in advance.
... View more