18Ağu
SVCHOST Executed without any arguements [closed]
Our SIEM has a Sigma rule that alerts when svchost is launched without any arguments. The logs are from a domain controller which unfortunately I don't have access to to verify. I will be reaching out to our system admin, but can anyone think of why a Windows domain controller would launch svchost without any arguments? A link to the Sigma rule is below.
Rule: Suspect Svchost Activity
