Running Malicious Software

Running Malicious Software (Windows/Mac)

The following out-of-the-box alert rules are assigned to the (Windows/Mac) Category: RUNNING MALICIOUS SOFTWARE.

ALERT RULE: Running command-line-based hacking tool
Description: An alert is triggered upon running a hacking tool, as a script or an executable, from a command-line tool.

ALERT RULE: Running hacking or spoofing tools
Description: An alert is triggered upon running one of the predefined hacking or spoofing tools on a Windows system; such tools can be used to gain access to restricted areas or to damage the organization's assets.

ALERT RULE: Running password cracking tools
Description: An alert is triggered upon running one of the predefined password cracking tools, which can be used to attempt to break a password-protected file containing potentially sensitive information.

ALERT RULE: Running port scanning tools
Description: An alert is triggered upon running one of the predefined port scanning tools, which can be used in a port scanning attack to learn which services are running on a specific machine and which operating system is installed.

Running Malicious Software (Unix/Linux)

The following out-of-the-box alert rules are assigned to the (Unix/Linux) Category: RUNNING MALICIOUS SOFTWARE.

ALERT RULE: Running a malicious command
Description: An alert is triggered upon running a predefined malicious command. (It is suggested that you periodically review the malicious commands list.)

ALERT RULE: Running a non-standard SETUID program
Description: An alert is triggered upon detecting the execution of a SETUID program that is not in the list of standard SETUID programs.

ALERT RULE: Running hacking or spoofing tools on Linux
Description: An alert is triggered upon running one of the predefined hacking or spoofing tools on a Linux system; such tools can be used to gain access to restricted areas or to damage the organization's assets.

ALERT RULE: Running the NC (netcat) utility
Description: An alert is triggered upon running the NC (netcat) utility, which can be used to perform advanced networking actions such as opening TCP connections, sending UDP packets, and scanning ports.
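The non-standard SETUID rule above works by comparing each executed program against a list of standard SETUID programs. The following is an added example of that comparison written for this page; it is not the product's own detection logic. The baseline paths, the sample process-start events and the names ExecEvent, non_standard_setuid and build_baseline are all constructed assumptions.

```python
"""Added example: flag execution of a SETUID program outside a known baseline.

Illustrative code written for this page, not the product's own rule. The
baseline and the events below are constructed; a real deployment would build
the baseline from a known-good host and take events from an audit source.
"""
import os
import stat
from dataclasses import dataclass

# Constructed baseline: SETUID binaries considered standard on the host.
STANDARD_SETUID = frozenset({
    "/usr/bin/passwd",
    "/usr/bin/sudo",
    "/usr/bin/su",
})


@dataclass(frozen=True)
class ExecEvent:
    """One process-start event (constructed shape, not a product schema)."""
    path: str   # resolved path of the executed program
    mode: int   # st_mode of that file at execution time
    user: str   # account that ran it


def is_setuid(mode: int) -> bool:
    """True when the SETUID bit (S_ISUID, 0o4000) is set in a file mode."""
    return bool(mode & stat.S_ISUID)


def non_standard_setuid(events, baseline=STANDARD_SETUID):
    """Return the events that ran a SETUID program not present in the baseline.

    Non-SETUID programs are ignored even if they are not in the baseline; the
    rule is about privilege-bearing binaries only.
    """
    return [e for e in events if is_setuid(e.mode) and e.path not in baseline]


def build_baseline(candidate_paths):
    """Build a baseline from a known-good host.

    Keeps only paths that exist, are regular files and carry the SETUID bit,
    so a stale or mistyped entry cannot silently whitelist a program.
    """
    result = set()
    for p in candidate_paths:
        try:
            st = os.stat(p)
        except OSError:
            continue
        if stat.S_ISREG(st.st_mode) and is_setuid(st.st_mode):
            result.add(p)
    return frozenset(result)


# Constructed sample events. 0o104755 is a regular file with mode rwsr-xr-x
# (SETUID set); 0o100755 is rwxr-xr-x (no SETUID bit).
SAMPLE_EVENTS = [
    ExecEvent("/usr/bin/passwd", 0o104755, "alice"),        # standard SETUID
    ExecEvent("/usr/bin/ls", 0o100755, "alice"),            # not SETUID
    ExecEvent("/opt/vendor/bin/helper", 0o104755, "bob"),   # SETUID, not in baseline
]

if __name__ == "__main__":
    for e in non_standard_setuid(SAMPLE_EVENTS):
        print(f"ALERT non-standard SETUID program: {e.path} run by {e.user}")
```

Only the third event is reported: the first is SETUID but standard, the second is not SETUID at all. When building a real baseline, gather the candidate paths from a freshly installed reference host (for example, the output of `find / -perm -4000 -type f`) and pass them through build_baseline so that only files that actually exist and carry the bit are accepted.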