Delete win_possible_dc_shadow.yml
This commit is contained in:
Rettila
@@ -1,18 +0,0 @@
|
||||
title: Potential DCShadow
|
||||
description: Monitors SPN modifications to detect DCShadow behavior.
|
||||
author: Chakib Gzenayi (@Chak92), Hosni Mribah
|
||||
tags:
|
||||
- attack.defense_evasion
|
||||
- attack.t1207
|
||||
logsource:
|
||||
product: windows
|
||||
service: system
|
||||
detection:
|
||||
selection:
|
||||
EventID: 5136
|
||||
LDAP_Display_Name: servicePrincipalName
|
||||
Value: 'GC/*'
|
||||
condition: selection
|
||||
falsepositives:
|
||||
- Exclude known DCs
|
||||
level: high
|
||||
Reference in New Issue
Block a user