SOC163 – Suspicious Certutil.exe Usage Walkthrough (Event ID: 113)

Feb 19 · 3 min read · In this walkthrough, we investigate the SOC163 – Suspicious Certutil.exe Usage alert in the LetsDefend platform. 🔎 Alert Overview The monitoring dashboard shows an alert triggered for suspicious usage of certutil.exe. Certutil.exe is a legitimate ...