Hello Cortex users, wondering if anyone has seen this before? We are getting a single host flagged with a large amount of "Behavioral threat detected (rule: create_renamed_script_engine_by_hash)", but when we investigate in Cortex XDR there is almost no information to go on. The process shows ::1 for the value, no path, command, PID, TID, or MD5. Signature is unavailable. It's not giving us much to go on. We looked at the host and didn't see anything in particular in the System/Application/Security event logs, nothing repeating at the times the event fires. We were seeing it up to about every 5 minutes last night. Any guidance on what we can zero in on? I can't find any other references to this specific alert. Thanks!