- 필수 기능
- 앱 내
- 서비스 관리
- 인프라스트럭처
- 애플리케이션 성능
- 디지털 경험
- 소프트웨어 제공
- 보안
- 로그 관리
- 관리
- 인프라스트럭처
- ci
- containers
- csm
- ndm
- otel_guides
- overview
- slos
- synthetics
- tests
- 워크플로
Detect the minidump function of comsvcs.dll being used to dump process memory.
Threat actors are known to utilize tools found natively in a victim’s environment to accomplish their objectives. Comsvcs.dll, a legitimate Windows dll, has been abused by malicious actors in the past to dump process memory, notably from LSASS in an attempt to extract credentials.
Requires Agent version 7.50.0 or greater.
This rule is a part of the beta for detections on Windows! If you would like to try the new Windows agent, create a support ticket and indicate that you wish to join the Cloud Security Management - Windows beta.