While discovering Linux machines, WMI command executed
03-25-2025 01:49 AM
We have a pattern that discovers Linux machines and tries to run a command (sudo dmidecode) via SSH. Logs say:
Executing SSH command: sudo dmidecode
Host requested password while running command...
Sending CTRL-C to abort command
Executing WMI command on host...
Why does it try to run it as a WMI command? Nowhere do we specify anything during discovery that would indicate anything Windows-related.
Yes, it would require a password, but if one is not provided it should just fail or simply abort, as it does, but not try to run WMI.
We use a behaviour with only Unix SSH functionality active; the Windows-related ones are deactivated.
CIs are classified promptly; Shazzam executed, returning port 22. The Unix Classifier triggered. The horizontal discovery probe triggers our pattern, where we get the above log entries.