Techniques
Sample rules
Suspicious Rejected SMB Guest Logon From IP
- source: sigma
- techniques:
  - t1110
  - t1110.001
Description
Detects attempted PrintNightmare (CVE-2021-1675) remote code execution in the Windows Spooler Service.
Detection logic
condition: selection
selection:
  EventID: 31017
  ServerName|startswith: \1
  UserName: ''