Techniques
Sample rules
Suspicious Network Command
- source: sigma
- techniques:
  - t1016
Description
Adversaries may look for details about the network configuration and settings of systems they access, or gather them through information discovery of remote systems.
Detection logic
condition: selection
selection:
  CommandLine|re:
    - ipconfig\s+/all
    - netsh\s+interface show interface
    - arp\s+-a
    - nbtstat\s+-n
    - net\s+config
    - route\s+print
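
A coverage check for the patterns above, run over constructed command lines. This is an added example, not part of the rule or of Sigma itself. It assumes the backend performs an unanchored, case-sensitive regex search (the behaviour of Python's `re.search`); the names `matched_patterns`, `rule_fires` and `SAMPLES` are hypothetical.

```python
import re

# Patterns copied verbatim from the rule's CommandLine|re list.
PATTERNS = [
    r"ipconfig\s+/all",
    r"netsh\s+interface show interface",
    r"arp\s+-a",
    r"nbtstat\s+-n",
    r"net\s+config",
    r"route\s+print",
]


def matched_patterns(command_line, ignore_case=False):
    """Return the rule patterns found anywhere in command_line.

    Assumption: unanchored, case-sensitive search unless ignore_case is
    set. Real backends differ, so confirm against your own SIEM.
    """
    flags = re.IGNORECASE if ignore_case else 0
    return [p for p in PATTERNS if re.search(p, command_line, flags)]


def rule_fires(command_line, ignore_case=False):
    """True when at least one pattern matches (condition: selection)."""
    return bool(matched_patterns(command_line, ignore_case))


# Constructed sample command lines (not real telemetry).
SAMPLES = [
    "ipconfig /all",                   # plain form
    "cmd.exe /c arp   -a",             # \s+ tolerates repeated whitespace
    "netsh interface show interface",  # single literal spaces after netsh
    "ipconfig.exe /all",               # ".exe" sits between name and \s+
    "ROUTE PRINT",                     # differs from the pattern only in case
    "ipconfig /release",               # unrelated ipconfig switch
]

if __name__ == "__main__":
    for cmd in SAMPLES:
        strict = rule_fires(cmd)
        relaxed = rule_fires(cmd, ignore_case=True)
        print(f"{cmd!r:36} case-sensitive={strict!s:5} ignore-case={relaxed}")
```

Replaying the same samples through the production backend shows whether its regex dialect and case handling agree with these assumptions before the rule is relied on.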