LoFP
/
t1187
t1187
Title
Tags
false positives have been limited when the anonymous logon is used for account name.
t1187
endpoint
splunk
uncommon but legitimate windows administrator or software tasks that make use of the encrypting file system rpc calls. verify if this is common activity (see description).
t1187
t1557
t1557.001
zeek
sigma
unknown. feedback welcomed.
t1187
windows
sigma
LoFP
/
t1187