Techniques
Sample rules
MSExchange Transport Agent Installation
- source: sigma
- techniques:
  - t1505
  - t1505.002
Description
Detects the installation of an Exchange Transport Agent
Detection logic
condition: selection
selection:
  CommandLine|contains: Install-TransportAgent
MSExchange Transport Agent Installation - Builtin
- source: sigma
- techniques:
  - t1505
  - t1505.002
Description
Detects the installation of an Exchange Transport Agent
Detection logic
condition: selection
selection:
  - Install-TransportAgent
Failed MSExchange Transport Agent Installation
- source: sigma
- techniques:
  - t1505
  - t1505.002
Description
Detects a failed installation of an Exchange Transport Agent
Detection logic
condition: selection
selection:
  Data|contains: Install-TransportAgent
  EventID: 6