security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
e91fc4486e57fc40e30d12253694de4c80a9e4ea
blue-team-tools/rules/windows/builtin/firewall_as/win_firewall_as_reset.yml
T
frack113 af987fb1a0 Set to low as too many FP
2022-02-22 09:38:10 +01:00

18 lines
614 B
YAML
Raw Blame History

title: Reset to Default Configuration Windows Firewall with Advanced Security
id: 04b60639-39c0-412a-9fbe-e82499c881a3
status: experimental
description: Windows Firewall has been reset to its default configuration.
author: frack113
date: 2022/02/19
references:
- https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/dd364427(v=ws.10)
logsource:
product: windows
service: firewall-as
# EventID 49xx and 50xx are not used in the rule, please don't use Windows Server 2008 R2
detection:
selection:
EventID: 2032
condition: selection
level: low
Reference in New Issue View Git Blame Copy Permalink