LoFP
/
t1204.001
t1204.001
Title
Tags
false positives may be high depending on the environment and consistent use of isos mounting. restrict to servers, or filter out based on commonly used iso names. filter as needed.
t1204
t1204.001
t1566
t1566.001
endpoint
splunk
LoFP
/
t1204.001