An adversary attempts to communicate with malware on a network. What Cortex XDR Analytics alert will this activity likely trigger?


The "Malware" alert is the relevant one here because an adversary attempting to communicate with malware indicates that malicious software is already present on the host and is trying to receive instructions or exfiltrate data. When a device on the network shows signs of interacting with known malware, that behavior stands out because it is characteristic of an active compromise in which unauthorized software engages with an external malicious entity.

This alert warns the security team that an infection may be under way or that the malware is actively engaging with its command and control (C2) infrastructure, which is a normal part of its operational behavior. Identifying this activity early enables prompt investigation and containment before significant damage occurs.

In contrast, the other options do not directly correspond to an adversary attempting to communicate with malware. Uncommon local scheduled task creation may indicate suspicious activity (for example, a persistence mechanism) but does not by itself imply communication between the adversary and the malware. New administrative behavior can certainly signal a problem, but it is not as specific to this interaction as a malware alert. Similarly, DNS tunneling covers data exfiltration or C2 communication carried over DNS queries, which, while related, is only one channel and does not represent the broader concept of malware communication. This focus on the specific activity associated with malware communication makes the "Mal
