LSASS Activity is Being Flagged as a Potentially Compromised Host – How should I investigate this?

We’ve recently been seeing new security events being flagged to the SOC for activity involving LSASS usage from the wmiprvse.exe process across multiple Windows servers. We’ve investigated the wmiprvse.exe process by reviewing the process …