Machine Learning Detected a Suspicious Windows Event with a High Malicious Probability Score triggering on all kinds of normal processes

Hello,

I activated "Machine Learning Detected a Suspicious Windows Event with a High Malicious Probability Score" and "Living off the Land Attack Detection" and followed the procedure.

It seems to be triggering on a lot of my usual / normal processes. For example, opening Brave and then opening a new tab always triggers a blocklist_label of 1.

Am I doing something wrong or is it normal that this triggers so frequently with a "High Malicious Probability Score"?

I'm using the latest version 2.4.0 in Elastic Security Serverless.

Willem
