← Library
kqlElastic-2.0from elastic/detection-rules

First Time Python Created a LaunchAgent or LaunchDaemon

Quality
92
FP risk
Forks
0
Views
0
ATT&CK techniques
T1543T1543.001T1543.004
Rule sourcerules/macos/persistence_python_launch_agent_or_daemon_creation_first_occurrence.toml
host.os.type:macos and event.action:"launch_daemon" and
process.name:python*