Case #578
general.Sensitive Process Accessed
Analyst Verdict Classification
FP by analyst
AI Analysis
Detections (1)
Sensitive Process Accessed
low
Rule: general.Sensitive Process Accessed
Hostname: desktop-3nfb237 · Sensor: ed8f7c3f-3a1a-49...
Event Type: SENSITIVE_PROCESS_ACCESS
Confidence: 95% · Verdict: false positive
Event Data:
IOCs:
C:\WINDOWS\system32\lsass.exe
wininit.exe
055a1226a769948a79ed0972bdee2d91937c4b521e0b9046f9b8ccc63d110115
Analyst Declaration:
Raw Detection JSON
{
"author": "ckeller@fusioncybersecurity.us",
"cat": "Sensitive Process Accessed",
"detect": {
"event": {
"EVENTS": [
{
"event": {
"BASE_ADDRESS": 140702525030400,
"COMMAND_LINE": "C:\\WINDOWS\\system32\\lsass.exe",
"CREATION_TIME": 1773245868875,
"FILE_IS_SIGNED": 1,
"FILE_PATH": "C:\\WINDOWS\\system32\\lsass.exe",
"HASH": "055a1226a769948a79ed0972bdee2d91937c4b521e0b9046f9b8ccc63d110115",
"MEMORY_USAGE": 19705856,
"PARENT": {
"FILE_IS_SIGNED": 1,
"FILE_PATH": "\\Device\\HarddiskVolume3\\Windows\\System32\\wininit.exe",
"HASH": "ba26910be549b8700c08fbe2f160952288864470a30dd35c3c6b7782f7dbf857",
"MEMORY_USAGE": 7323648,
"PARENT_PROCESS_ID": 720,
"PROCESS_ID": 840,
"THIS_ATOM": "58b1f2a11a942a48999a6fbd69b1964c",
"THREADS": 1,
"TIMESTAMP": 1773246028618,
"USER_NAME": "NT AUTHORITY\\SYSTEM"
},
"PARENT_PROCESS_ID": 840,
"PROCESS_ID": 980,
"THREADS": 16,
"USER_NAME": "NT AUTHORITY\\SYSTEM"
},
"routing": {
"arch": 2,
"did": "",
"event_id": "d3b670bd-e709-4598-a235-fc769c5925e8",
"event_time": 1773246029212,
"event_type": "EXISTING_PROCESS",
"ext_ip": "23.128.32.10",
"hostname": "desktop-3nfb237",
"iid": "b2cd59fc-d09d-49e0-a9f2-1fd79ee9c175",
"int_ip": "192.168.50.40",
"latency": 1260578539,
"moduleid": 2,
"oid": "d3541070-8b0e-4663-8a6a-aa0727aacd36",
"parent": "58b1f2a11a942a48999a6fbd69b1964c",
"plat": 268435456,
"sid": "ed8f7c3f-3a1a-493e-8fa4-35eb8c30b136",
"tags": [
"fusion-soc-alert",
"fusion-soc-case",
"fusion-soc-pulled",
"fusion-soc-triage",
"fusionsoc-critical",
"fusionsoc-high",
"fusionsoc-investigated",
"qucikbooks",
"windows"
],
"this": "b2fe617fb2365f162bc5846069b1964d"
}
},
{
"event": {
"ACCESS_FLAGS": 2097151,
"PARENT_PROCESS_ID": 14404,
"PROCESS_ID": 980,
"SOURCE": {
"BASE_ADDRESS": 8847360,
"COMMAND_LINE": "\"C:\\Program Files\\Dell\\SupportAssistAgent\\SRE\\SRE.exe\" \"en\" \"C:\\ProgramData\\Dell\\SupportAssist\\Agent\\Certificate\\SRE\\c64488ae-9e87-4370-ae3f-c87763d98f56.pfx\" \"127.0.0.1:10560\" \"14353ecf-d8a0-479d-a7cb-b846d1c121df\" \"false\"",
"FILE_IS_SIGNED": 1,
"FILE_PATH": "C:\\Program Files\\Dell\\SupportAssistAgent\\SRE\\SRE.exe",
"HASH": "4209038199a68a376fc84137887a18bbeb149f54ad610645f2d585c44a569f31",
"MEMORY_USAGE": 2113536,
"PARENT_ATOM": "dc9dc13c395f9426efb5762e69c4d10e",
"PARENT_PROCESS_ID": 15104,
"PROCESS_ID": 14404,
"THIS_ATOM": "409619ceaae053692b3c62d269c4d184",
"THREADS": 1,
"TIMESTAMP": 1774506372343,
"USER_NAME": "NT AUTHORITY\\SYSTEM"
},
"TARGET": {
"BASE_ADDRESS": 140702525030400,
"COMMAND_LINE": "C:\\WINDOWS\\system32\\lsass.exe",
"CREATION_TIME": 1773245868875,
"FILE_IS_SIGNED": 1,
"FILE_PATH": "C:\\WINDOWS\\system32\\lsass.exe",
"HASH": "055a1226a769948a79ed0972bdee2d91937c4b521e0b9046f9b8ccc63d110115",
"MEMORY_USAGE": 19705856,
"PARENT_ATOM": "58b1f2a11a942a48999a6fbd69b1964c",
"PARENT_PROCESS_ID": 840,
"PROCESS_ID": 980,
"THIS_ATOM": "b2fe617fb2365f162bc5846069b1964d",
"THREADS": 16,
"TIMESTAMP": 1773246029212,
"USER_NAME": "NT AUTHORITY\\SYSTEM"
}
},
"routing": {
"arch": 2,
"did": "",
"event_id": "7646592a-38ef-4ed1-a96e-2aeae599da15",
"event_time": 1774506607164,
"event_type": "REMOTE_PROCESS_HANDLE",
"ext_ip": "23.128.32.10",
"hostname": "desktop-3nfb237",
"iid": "b2cd59fc-d09d-49e0-a9f2-1fd79ee9c175",
"int_ip": "192.168.50.40",
"latency": 587,
"moduleid": 2,
"oid": "d3541070-8b0e-4663-8a6a-aa0727aacd36",
"parent": "409619ceaae053692b3c62d269c4d184",
"plat": 268435456,
"sid": "ed8f7c3f-3a1a-493e-8fa4-35eb8c30b136",
"tags": [
"fusion-soc-alert",
"fusion-soc-case",
"fusion-soc-pulled",
"fusion-soc-triage",
"fusionsoc-critical",
"fusionsoc-high",
"fusionsoc-investigated",
"qucikbooks",
"windows"
],
"target": "b2fe617fb2365f162bc5846069b1964d",
"this": "a00fe3f608665a0674886a6769c4d26f"
}
}
]
},
"routing": {
"arch": 2,
"did": "",
"event_id": "775ecca4-06e8-4ac6-a906-30ac18ac6d8e",
"event_time": 1774506607664,
"event_type": "SENSITIVE_PROCESS_ACCESS",
"ext_ip": "23.128.32.10",
"hostname": "desktop-3nfb237",
"iid": "b2cd59fc-d09d-49e0-a9f2-1fd79ee9c175",
"int_ip": "192.168.50.40",
"latency": 87,
"moduleid": 2,
"oid": "d3541070-8b0e-4663-8a6a-aa0727aacd36",
"parent": "409619ceaae053692b3c62d269c4d184",
"plat": 268435456,
"sid": "ed8f7c3f-3a1a-493e-8fa4-35eb8c30b136",
"tags": [
"fusion-soc-alert",
"fusion-soc-case",
"fusion-soc-pulled",
"fusion-soc-triage",
"fusionsoc-critical",
"fusionsoc-high",
"fusionsoc-investigated",
"qucikbooks",
"windows"
],
"target": "b2fe617fb2365f162bc5846069b1964d",
"this": "65d87447f06c77200babaafa69c4d26f"
}
},
"detect_id": "51987246-f44e-4e58-9d91-fefd69c4d26f",
"gen_time": 1774506607751,
"link": "https://app.limacharlie.io/orgs/d3541070-8b0e-4663-8a6a-aa0727aacd36/sensors/ed8f7c3f-3a1a-493e-8fa4-35eb8c30b136/timeline?time=1774506607\u0026selected=65d87447f06c77200babaafa69c4d26f",
"namespace": "general",
"routing": {
"arch": 2,
"did": "",
"event_id": "775ecca4-06e8-4ac6-a906-30ac18ac6d8e",
"event_time": 1774506607664,
"event_type": "SENSITIVE_PROCESS_ACCESS",
"ext_ip": "23.128.32.10",
"hostname": "desktop-3nfb237",
"iid": "b2cd59fc-d09d-49e0-a9f2-1fd79ee9c175",
"int_ip": "192.168.50.40",
"latency": 87,
"moduleid": 2,
"oid": "d3541070-8b0e-4663-8a6a-aa0727aacd36",
"parent": "409619ceaae053692b3c62d269c4d184",
"plat": 268435456,
"sid": "ed8f7c3f-3a1a-493e-8fa4-35eb8c30b136",
"tags": [
"fusion-soc-alert",
"fusion-soc-case",
"fusion-soc-pulled",
"fusion-soc-triage",
"fusionsoc-critical",
"fusionsoc-high",
"fusionsoc-investigated",
"qucikbooks",
"windows"
],
"target": "b2fe617fb2365f162bc5846069b1964d",
"this": "65d87447f06c77200babaafa69c4d26f"
},
"source": "d3541070-8b0e-4663-8a6a-aa0727aacd36.b2cd59fc-d09d-49e0-a9f2-1fd79ee9c175.ed8f7c3f-3a1a-493e-8fa4-35eb8c30b136.10000000.2",
"source_rule": "general.Sensitive Process Accessed",
"ts": 1774506619000
}
Threat Intel JSON
{
"virustotal": [
{
"malicious": false,
"provider": "virustotal",
"reputation": 0,
"stats": {
"confirmed-timeout": 0,
"failure": 0,
"harmless": 0,
"malicious": 0,
"suspicious": 0,
"timeout": 0,
"type-unsupported": 4,
"undetected": 72
}
},
{
"malicious": false,
"provider": "virustotal",
"reputation": 10,
"stats": {
"confirmed-timeout": 0,
"failure": 1,
"harmless": 0,
"malicious": 0,
"suspicious": 0,
"timeout": 0,
"type-unsupported": 4,
"undetected": 71
}
},
{
"malicious": false,
"provider": "virustotal",
"reputation": 0,
"stats": {
"confirmed-timeout": 0,
"failure": 0,
"harmless": 0,
"malicious": 0,
"suspicious": 0,
"timeout": 1,
"type-unsupported": 4,
"undetected": 71
}
}
]
}
Triage JSON
{
"_model_name": "dgx-122b",
"_primary_summary": "### \ud83e\udde0 dgx-122b Analysis (Primary)\n**Verdict:** false_positive | **Confidence:** 0.95\nThe event captures the legitimate creation of lsass.exe by its expected parent process wininit.exe from the standard Windows System32 directory. All file signatures and paths align with normal Windows boot operations, and historical feedback confirms this rule frequently triggers on benign system activity.\n\n**IOC Analysis:** The target process lsass.exe is located in C:\\WINDOWS\\system32\\ and is digitally signed. The parent process wininit.exe is the authorized creator of lsass.exe during system initialization. No indicators of masquerading, injection, or unauthorized access are present.",
"confidence": 0.95,
"false_positive_reason": "Legitimate system process lsass.exe spawned by its expected parent wininit.exe from the correct system path with valid signatures.",
"investigation_questions": [
"Was this event observed during system boot or scheduled maintenance?"
],
"ioc_analysis": "The target process lsass.exe is located in C:\\WINDOWS\\system32\\ and is digitally signed. The parent process wininit.exe is the authorized creator of lsass.exe during system initialization. No indicators of masquerading, injection, or unauthorized access are present.",
"iocs_extracted": [
"C:\\WINDOWS\\system32\\lsass.exe",
"wininit.exe",
"055a1226a769948a79ed0972bdee2d91937c4b521e0b9046f9b8ccc63d110115"
],
"mitre_techniques": [],
"recommended_actions": [
"Close alert as false positive",
"Review rule logic to exclude wininit.exe spawning lsass.exe"
],
"risk_score": 5,
"severity": "low",
"summary": "The event captures the legitimate creation of lsass.exe by its expected parent process wininit.exe from the standard Windows System32 directory. All file signatures and paths align with normal Windows boot operations, and historical feedback confirms this rule frequently triggers on benign system activity.",
"verdict": "false_positive"
}
Response Actions
| Action | Target | Status | Result |
|---|---|---|---|
| tag | | executed | Tag applied |
| recommended | | pending | - |
| tag | | executed | Tag applied |
| recommended | | executed | General Activity Sweep: 0 events found |
| tag | | executed | Tag applied |
| recommended | | executed | General Activity Sweep: 0 events found |
| recommended | | executed | General Activity Sweep: 0 events found |
| tag | | executed | Tag applied |
| recommended | | executed | General Activity Sweep: 0 events found |
| recommended | | executed | General Activity Sweep: 0 events found |
| tag | | executed | Tag applied |
| recommended | | executed | General Activity Sweep: 0 events found |
| recommended | | executed | Persistence Check: 0 events found |
Notes (10)
FusionSOC AI
2026-03-26T16:52
FusionSOC AI
2026-03-26T16:52
FusionSOC AI
2026-03-26T16:20
FusionSOC AI
2026-03-26T16:20
FusionSOC AI
2026-03-26T16:20
FusionSOC AI
2026-03-26T15:54
FusionSOC AI
2026-03-26T15:54
FusionSOC AI
2026-03-26T15:54
FusionSOC AI
2026-03-26T14:58
FusionSOC AI
2026-03-26T14:58
Timeline
2026-03-27T22:40:19
analyst
Status changed: open → closed
2026-03-27T22:40:16
analyst
Analyst classified as False Positive (FP)
2026-03-27T22:16:05
Analyst
Case queued for re-triage. 1 detection(s) reset to enriched pipeline.
2026-03-26T17:55:39
analyst
Status changed: triaging → closed
2026-03-26T17:55:37
analyst
Analyst classified as False Positive (FP)
2026-03-26T17:52:55
Analyst
Case queued for re-triage. 1 detection(s) reset to enriched pipeline.
2026-03-26T16:59:29
Analyst
Case queued for re-triage. 1 detection(s) reset to enriched pipeline.
2026-03-26T16:52:47
FusionSOC AI
Status changed: investigating → investigating
2026-03-26T16:52:47
FusionSOC
Action recommended → executed: Persistence Check: 0 events found
2026-03-26T16:52:47
FusionSOC AI
Note by FusionSOC AI: ## Persistence Check **Action:** Add to allowlist if persistent noise **Sensor:** `ed8f7c3f-3a1a-49...` **Time Window:...
2026-03-26T16:52:46
FusionSOC
Response action queued: recommended on Add to allowlist if persistent noise
2026-03-26T16:52:46
FusionSOC AI
Status changed: triaging → investigating
2026-03-26T16:52:46
FusionSOC
Action recommended → executed: General Activity Sweep: 0 events found
2026-03-26T16:52:46
FusionSOC AI
Note by FusionSOC AI: ## General Activity Sweep **Action:** Mark as false positive **Sensor:** `ed8f7c3f-3a1a-49...` **Time Window:** +/- 2 ...
2026-03-26T16:52:46
FusionSOC
Response action queued: recommended on Mark as false positive
2026-03-26T16:52:46
FusionSOC
Action tag → executed: Tag applied
2026-03-26T16:52:45
FusionSOC
Response action queued: tag on ed8f7c3f-3a1a-493e-8fa4-35eb8c30b136:fusionsoc-investigated
2026-03-26T16:44:41
Analyst
Case queued for re-triage. 1 detection(s) reset to enriched pipeline.
2026-03-26T16:20:46
FusionSOC AI
Note by FusionSOC AI: ## Secondary Vote (RAG-Enhanced) **Vote:** MAJORITY (1/1 - FALSE POSITIVE) - dgx-122b: false_positive (low, 95% conf...
2026-03-26T16:20:39
FusionSOC AI
Status changed: investigating → investigating
2026-03-26T16:20:39
FusionSOC
Action recommended → executed: General Activity Sweep: 0 events found
2026-03-26T16:20:39
FusionSOC AI
Note by FusionSOC AI: ## General Activity Sweep **Action:** No containment or remediation required **Sensor:** `ed8f7c3f-3a1a-49...` **Time ...
2026-03-26T16:20:39
FusionSOC
Response action queued: recommended on No containment or remediation required
2026-03-26T16:20:39
FusionSOC AI
Status changed: triaging → investigating
2026-03-26T16:20:39
FusionSOC
Action recommended → executed: General Activity Sweep: 0 events found
2026-03-26T16:20:39
FusionSOC AI
Note by FusionSOC AI: ## General Activity Sweep **Action:** Mark alert as false positive **Sensor:** `ed8f7c3f-3a1a-49...` **Time Window:** ...
2026-03-26T16:20:39
FusionSOC
Response action queued: recommended on Mark alert as false positive
2026-03-26T16:20:39
FusionSOC
Action tag → executed: Tag applied
2026-03-26T16:20:39
FusionSOC
Response action queued: tag on ed8f7c3f-3a1a-493e-8fa4-35eb8c30b136:fusionsoc-investigated
2026-03-26T16:17:49
Analyst
Case queued for re-triage. 1 detection(s) reset to enriched pipeline.
2026-03-26T15:54:23
FusionSOC AI
Note by FusionSOC AI: ## Secondary Vote (RAG-Enhanced) **Vote:** MAJORITY (1/1 - FALSE POSITIVE) - dgx-122b: false_positive (informational...
2026-03-26T15:54:17
FusionSOC AI
Status changed: investigating → investigating
2026-03-26T15:54:17
FusionSOC
Action recommended → executed: General Activity Sweep: 0 events found
2026-03-26T15:54:17
FusionSOC AI
Note by FusionSOC AI: ## General Activity Sweep **Action:** Verify system startup logs if high volume occurs **Sensor:** `ed8f7c3f-3a1a-49.....
2026-03-26T15:54:17
FusionSOC
Response action queued: recommended on Verify system startup logs if high volume occurs
2026-03-26T15:54:17
FusionSOC AI
Status changed: triaging → investigating
2026-03-26T15:54:17
FusionSOC
Action recommended → executed: General Activity Sweep: 0 events found
2026-03-26T15:54:17
FusionSOC AI
Note by FusionSOC AI: ## General Activity Sweep **Action:** Close alert as false positive **Sensor:** `ed8f7c3f-3a1a-49...` **Time Window:**...
2026-03-26T15:54:16
FusionSOC
Response action queued: recommended on Close alert as false positive
2026-03-26T15:54:16
FusionSOC
Action tag → executed: Tag applied
2026-03-26T15:54:16
FusionSOC
Response action queued: tag on ed8f7c3f-3a1a-493e-8fa4-35eb8c30b136:fusionsoc-investigated
2026-03-26T15:08:31
Analyst
Case queued for re-triage. 1 detection(s) reset to enriched pipeline.
2026-03-26T14:58:24
FusionSOC AI
Note by FusionSOC AI: ## Secondary Vote (RAG-Enhanced) **Vote:** MAJORITY (1/1 - TRUE POSITIVE) - dgx-122b: true_positive (medium, 0% conf...
2026-03-26T14:58:17
FusionSOC AI
Status changed: closed → investigating
2026-03-26T14:58:17
FusionSOC
Action recommended → executed: General Activity Sweep: 0 events found
2026-03-26T14:58:17
FusionSOC AI
Note by FusionSOC AI: ## General Activity Sweep **Action:** Manual review required **Sensor:** `ed8f7c3f-3a1a-49...` **Time Window:** +/- 2 ...
2026-03-26T14:58:17
FusionSOC
Response action queued: recommended on Manual review required
2026-03-26T14:58:17
FusionSOC
Action tag → executed: Tag applied
2026-03-26T14:58:17
FusionSOC
Response action queued: tag on ed8f7c3f-3a1a-493e-8fa4-35eb8c30b136:fusionsoc-investigated
2026-03-26T14:33:39
analyst
Status changed: triaging → closed
2026-03-26T14:33:37
analyst
Analyst classified as False Positive (FP)
2026-03-26T14:29:17
FusionSOC
Response action queued: recommended on Manual review required
2026-03-26T14:29:17
FusionSOC
Action tag → executed: Tag applied
2026-03-26T14:29:17
FusionSOC
Response action queued: tag on ed8f7c3f-3a1a-493e-8fa4-35eb8c30b136:fusionsoc-investigated
2026-03-26T14:23:41
FusionSOC AI
Case created from detection: general.Sensitive Process Accessed