Suspicious Activity Monitoring provides a pre-emptive analysis of potentially malicious threats on your sites' managed endpoints. A suspicious activity is abnormal behavior that is observed and analyzed using MITRE ATT&CK adversary tactics and techniques. The severity of a suspicious activity is determined automatically, based on which security elements of the endpoint are affected. This article provides an overview of the suspicious activity status screen.
The suspicious activity workflow includes the following steps:
- Suspicious activity is detected and automatically classified by Severity and summarized for review.
- A response and action are taken on the detected threat. For more information, see Manage Suspicious Activity events in Malwarebytes OneView.
From the Suspicious Activity screen, click the detected path under the Location column. This screen displays an analysis of the suspicious activity to help you understand what the file or process is doing and what actions to take.
Rules Triggered
The Rules Triggered tile at the top of the suspicious activity status screen shows a list of suspicious files and processes found by Malwarebytes. Click the Show Summary button to expand details. Here you can see all detection rules triggered by the suspicious activity and their mapping in MITRE ATT&CK. Click MITRE ATT&CK Framework at the top for more information.
MITRE Tactics Mapping categorizes suspicious activity detections based on the exhibited behaviors of the file or process. Color-coded detection rules are provided to show which rules triggered the suspicious activity detection.
The detection rules are color coded by severity:
- Red: High Severity
- Orange: Medium Severity
- Yellow: Low Severity
Click a triggered rule to display the context of the detection, a description, and the threat tactics and techniques detected during analysis. Use this option to view the file hash and process information needed when creating exclusions.
OneView provides a detailed overview of suspicious activity events across all sites. On the Suspicious Activity page, click the site name to navigate to the Suspicious Activity page in that site's Nebula console. This provides additional monitored information and tools to analyze each potential threat. For more information, see Suspicious Activity Details in Malwarebytes Nebula.