title: Java running with Remote Debugging
description:
reference:
detection:
  selection:
    - EventLog: Microsoft-Windows-Sysmon/Operational
    - EventID: 1
    - CommandLine: '*transport=dt_socket,address=*'
  exclusion:
    - CommandLine: '*address=127.0.0.1*'
    - CommandLine: '*address=localhost*'
  condition: selection and not exclusion
falsepositives:
  - unknown
level: 30