T1098.004
| Title | Tags |
| --- | --- |
| An administrator or network operator can create files in ~/.ssh folders for automation purposes. Please update the filter macros to remove false positives. | t1098, T1098.004, endpoint, splunk |
| An administrator or network operator can use this command line for automation purposes. Please update the filter macros to remove false positives. | t1053, t1053.002, t1053.003, T1053.006, t1098, T1098.004, t1546, t1546.004, endpoint, splunk |
| Filtering will be required as system administrators will add and remove. One way to filter the query is to add "echo". | T1098.004, endpoint, splunk |