Detections
Analytics
System Service Discovery (Windows)
Description
Adversaries may try to gather information about registered local system services. Adversaries may obtain information about services using tools as well as OS utility commands such as sc query, tasklist /svc, systemctl --type=service, and net start.
Products, Sensors, and Dependencies
| Product | Dependencies | Data source | Access required | Protocol | Data Collected | Notes |
|---|---|---|---|---|---|---|
| Tenable Vulnerability Management | Advanced Network Scan | Windows machines | Authenticated Scan | SMB | Windows Services | Plugin ID: 44401 |
References
Attack Path Technique Details
Framework: MITRE ATT&CK
Family: Discovery
Technique: System Service Discovery
Sub-Technique: System Service Discovery
Platform: Windows
Products Required: Tenable Vulnerability Management
Tenable Release Date: 2022 Q2