General

  • Target

    http://Upon checking, we could see that whenever a host communicates with the domain mwr.tools, Defender triggers an alert. We have investigated the timeline and found that the devices contacted the above-mentioned domain whenever the PowerShell script was run on the system by svchost. The script was used to run an Omniagent; both Omniagent and mwr.tools are security tools. MWR (MWR InfoSecurity) is a cybersecurity company that provides consulting, managed security services, and solutions to help organizations improve their security posture. Hence closing this incident.

Score
1/10

Malware Config

Signatures

Files