t1595
| Title | Tags |
| --- | --- |
| Some administrator activity can potentially trigger this; please add those users to the filter macro. | t1003, t1036, t1036.005, t1595, endpoint, splunk |
| Various; could be noisy depending on processes in the organization and the Sysmon configuration used. Adjust port/dest count thresholds as needed. | t1595, T1595.001, t1595.002, endpoint, splunk |