SEKOIA.IO provides its own agent, which collects interesting events with minimal configuration overhead. This agent sends events directly to SEKOIA.IO.

Related Built-in Rules

Benefit from SEKOIA.IO built-in rules and upgrade SEKOIA.IO Endpoint Agent with the following detection capabilities out-of-the-box.

SEKOIA.IO x SEKOIA.IO Endpoint Agent on ATT&CK Navigator

AD Object WriteDAC Access

Detects WRITE_DAC access to a domain object.

AD Privileged Users Or Groups Reconnaissance

Detect privileged users or groups reconnaissance based on 4661 Event ID and known privileged users or groups SIDs.

Detects access to a domain user from a non-machine account. This requires Windows Event ID 4662.

This requires Windows Security Event ID 4662 and could be triggered by some administrators configuring new users. If the user account name is not a known admin it is suspicious.
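The two Event ID 4662 checks described above, sketched as an added example; this is not SEKOIA.IO's rule logic. It assumes events are already parsed into dictionaries keyed by the Windows field names `SubjectUserName`, `ObjectType` and `AccessMask`. The `KNOWN_ADMINS` allowlist and all sample events are constructed.

```python
# Added example: constructed events, not output from a real domain controller.
WRITE_DAC = 0x00040000  # standard access right: modify the object's DACL
DOMAIN_DNS = "19195a5b-6da0-11d0-afd3-00c04fd930c9"  # schemaIDGUID of class domainDNS
USER_CLASS = "bf967aba-0de6-11d0-a285-00aa003049e2"  # schemaIDGUID of class user
KNOWN_ADMINS = {"adm-jdoe"}  # hypothetical allowlist of expected admin accounts

def _norm(object_type):
    # 4662 renders ObjectType either as "%{guid}" or as a class name.
    return object_type.strip("%{}").lower()

def classify(event):
    """Return the findings raised by one parsed 4662 event (possibly none)."""
    if str(event.get("EventID")) != "4662":
        return []
    try:
        mask = int(event.get("AccessMask", "0x0"), 16)
    except ValueError:
        mask = 0  # unparseable mask: WRITE_DAC check cannot fire
    obj = _norm(event.get("ObjectType", ""))
    user = event.get("SubjectUserName", "")
    findings = []
    # Bitwise test also catches WRITE_DAC combined with other rights.
    if obj in (DOMAIN_DNS, "domaindns") and mask & WRITE_DAC:
        findings.append("write_dac_on_domain_object")
    # Machine accounts end in "$"; anything else touching a user object
    # is reported, with known admins downgraded instead of dropped.
    if obj in (USER_CLASS, "user") and user and not user.endswith("$"):
        level = "expected" if user.lower() in KNOWN_ADMINS else "suspicious"
        findings.append("user_object_access_by_non_machine_account:" + level)
    return findings

SAMPLE_EVENTS = [  # constructed
    {"EventID": 4662, "SubjectUserName": "svc-backup",
     "ObjectType": "%{" + DOMAIN_DNS + "}", "AccessMask": "0x40000"},
    {"EventID": 4662, "SubjectUserName": "DC01$",
     "ObjectType": "%{" + USER_CLASS + "}", "AccessMask": "0x10"},
    {"EventID": 4662, "SubjectUserName": "jsmith",
     "ObjectType": "%{" + USER_CLASS + "}", "AccessMask": "0x10"},
    {"EventID": 4662, "SubjectUserName": "adm-jdoe",
     "ObjectType": "%{" + USER_CLASS + "}", "AccessMask": "0x10"},
    {"EventID": 4624, "SubjectUserName": "jsmith"},
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(ev.get("SubjectUserName"), classify(ev))
```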