Techniques
Sample rules
Powershell Suspicious Win32_PnPEntity
- source: sigma
- technicques:
- t1120
Description
Adversaries may attempt to gather information about attached peripheral devices and components connected to a computer system.
Detection logic
condition: selection
selection:
ScriptBlockText|contains: Win32_PnPEntity