LoFP
/
t1207
t1207
Title
Tags
creating and deleting a server object within 30 seconds or less is unusual but not impossible in a production environment. filter as needed.
t1207
endpoint
splunk
new domain controllers or certian scripts run by administrators.
t1003.006
t1207
endpoint
splunk
valid on domain controllers; exclude known dcs
t1207
windows
sigma
LoFP
/
t1207