LoFP / t1546.001
Title: admin activity
Tags: t1033, t1059, t1059.004, t1070, t1070.001, t1136, t1136.001, t1485, t1505, t1505.003, t1546, t1546.001, t1562, t1562.002, t1562.004, windows, linux, sigma

Title: There may be other processes in your environment that users may legitimately use to modify file associations. If this is the case and you are finding false positives, you can modify the search to add those processes as exceptions.
Tags: t1546.001, endpoint, splunk