Detecting software exploitation may be difficult depending on the tools available. Software exploits may not always succeed or may cause the exploited process to become unstable or crash, which may be recorded in the application log.
Use deep packet inspection to look for artifacts of common exploit traffic, such as known payloads.

| Data Component | Name | Channel |
|---|---|---|
| Application Log Content (DC0038) | Application Log | None |
| Network Traffic Content (DC0085) | Network Traffic | None |
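
The application-log side of this detection, as an added example that is not part of the original page: it scans syslog-style lines for crash records and flags any process that crashes repeatedly within a short window, the pattern left by unstable or failed exploit attempts. The log lines are constructed, and the process names, threshold, window and dedupe interval are assumptions to tune per environment.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (ISO timestamp, host, source); not taken from the page.
SAMPLE_LOG = """\
2024-05-01T10:00:01 web01 systemd[1]: Started nginx.service.
2024-05-01T10:02:10 web01 kernel: nginx[2211]: segfault at 7f3a00001000 ip 00007f3a1c2b4f10 sp 00007ffd9e0c1a20 error 4 in libc.so.6
2024-05-01T10:02:11 web01 systemd[1]: nginx.service: Main process exited, code=killed, status=11/SEGV
2024-05-01T10:02:40 web01 kernel: nginx[2250]: segfault at 7f3a00002000 ip 00007f3a1c2b4f10 sp 00007ffd9e0c1b40 error 4 in libc.so.6
2024-05-01T10:03:05 web01 kernel: nginx[2290]: segfault at 7f3a00003000 ip 00007f3a1c2b4f10 sp 00007ffd9e0c1c60 error 4 in libc.so.6
2024-05-01T11:30:00 web01 kernel: reportd[900]: segfault at 0 ip 000055d0aa001234 sp 00007ffc11112222 error 6 in reportd
"""

# Crash records as written by the Linux kernel and by systemd.
CRASH_PATTERNS = [
    re.compile(r"kernel: (?P<proc>[\w.-]+)\[\d+\]: segfault at "),
    re.compile(r"systemd\[\d+\]: (?P<proc>[\w.-]+)\.service: Main process exited, "
               r"code=(?:killed|dumped), status=\d+/(?:SEGV|ABRT|BUS|ILL)"),
]
DEDUPE = timedelta(seconds=2)  # assumption: same crash reported by two sources


def crash_events(log_text):
    """Return {process: [crash timestamps]}, in log order, de-duplicated."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        for pattern in CRASH_PATTERNS:
            match = pattern.search(line)
            if match:
                ts = datetime.fromisoformat(line.split(" ", 1)[0])
                seen = events[match["proc"]]
                if not seen or ts - seen[-1] > DEDUPE:
                    seen.append(ts)
                break
    return events


def crash_bursts(log_text, threshold=3, window=timedelta(minutes=5)):
    """Return {process: time of first crash} for >= threshold crashes in window."""
    bursts = {}
    for proc, times in crash_events(log_text).items():
        for i in range(len(times) - threshold + 1):
            if times[i + threshold - 1] - times[i] <= window:
                bursts[proc] = times[i]
                break
    return bursts


if __name__ == "__main__":
    for proc, first in crash_bursts(SAMPLE_LOG).items():
        print(f"ALERT {proc}: repeated crashes starting {first.isoformat()}")
```

A single crash, such as the `reportd` line, is recorded but not alerted on; only the burst is, which keeps ordinary instability from drowning the signal.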