LoFP
/
t1686.001
t1686.001
Title
Tags
firewall being modified or deleted may be performed by a system administrator. verify whether the user identity, user agent, and/or hostname should be making changes in your environment.
t1686
t1686.001
azure
sigma
firewall modified or deleted from unfamiliar users should be investigated. if known behavior is causing false positives, it can be exempted from the rule.
t1686
t1686.001
azure
sigma
firewall policy being modified or deleted may be performed by a system administrator. verify whether the user identity, user agent, and/or hostname should be making changes in your environment.
t1686
t1686.001
azure
sigma
firewall policy modified or deleted from unfamiliar users should be investigated. if known behavior is causing false positives, it can be exempted from the rule.
t1686
t1686.001
azure
sigma
legitimate use of acls to enable customer and staff access from the public internet into a public vpc
t1686
t1686.001
aws
sigma
new subnets added requiring routing setup
t1686
t1686.001
aws
sigma
new vpc creation requiring setup of a new route table
t1686
t1686.001
aws
sigma
rule collections (application, nat, and network) being modified or deleted may be performed by a system administrator. verify whether the user identity, user agent, and/or hostname should be making changes in your environment.
t1686
t1686.001
azure
sigma
rule collections (application, nat, and network) modified or deleted from unfamiliar users should be investigated. if known behavior is causing false positives, it can be exempted from the rule.
t1686
t1686.001
azure
sigma
LoFP
/
t1686.001