t1039
| Title | Tags |
| --- | --- |
| administrators or power users may use this command. additional filters needs to be applied. | t1039, t1135, endpoint, splunk |
| help desk operator doing backup or re-imaging end user machine or backup software | t1039, windows, zeek, sigma |
| legitimate powershell scripts that make use of these functions. | t1039, t1055, t1059, t1069, t1087, t1106, t1135, t1482, windows, elastic |
| users working with these data types or exchanging message files | t1039, windows, zeek, sigma |