Log analysis - Search and destroy - Challenge

I have trouble answering the question: “What is the name of the suspicious service?” The question is too general and I don’t know what it refers to and where to look for the answer.

Hey there - if you review the logs in Wazuh, you should be able to find an alert related to a new Windows service being started. That alert will contain the name of the service.

3 Likes

Thanks, it helped me solve the conundrum 🙂

2 Likes