LoFP
/
t1207
t1207
Title
Tags
creating and deleting a server object within 30 seconds or less is unusual but not impossible in a production environment. filter as needed.
t1207
endpoint
splunk
new domain controllers or certian scripts run by administrators.
t1003
t1003.006
t1207
endpoint
splunk
none.
t1078
t1078.004
t1207
t1222
t1222.001
t1484
endpoint
aws instance
splunk
valid on domain controllers; exclude known dcs
t1207
windows
sigma
LoFP
/
t1207