t1550.002 | LoFP

t1550.002

Title	Tags
administrator activity	t1069 t1069.002 t1087 t1087.002 t1550 t1550.002 windows sigma
environments that use ntlmv1	t1550 t1550.002 windows sigma
go utilities that use staaldraad awesome ntlm library	t1059 t1087 t1114 t1550 t1550.002 windows sigma
legacy hosts	t1550 t1550.002 windows sigma
legitimate logon activity by authorized ntlm systems may be detected by this search. please investigate as appropriate.	t1550 t1550.002 endpoint splunk
runas command-line tool using /netonly parameter	t1550 t1550.002 windows sigma