t1553.003
| Title | Tags |
| --- | --- |
| be aware of potential false positives - legitimate applications may cause benign activities to be flagged. | t1553.003, endpoint, splunk |
| false positives are limited as this is a hunting query for inventory. | t1553.003, endpoint, splunk |
| false positives may be present in some instances of legitimate binaries with invalid signatures. filter as needed. | t1553.003, endpoint, splunk |
| legitimate sip being registered by the os or different software. | t1553, t1553.003, windows, sigma |