Techniques
Sample rules
Remote Server Service Abuse
- source: sigma
- technicques:
Description
Detects remote RPC calls to possibly abuse remote encryption service via MS-SRVS
Detection logic
condition: selection
selection:
EventID: 3
EventLog: RPCFW
InterfaceUuid: 4b324fc8-1670-01d3-1278-5a47bf6ee188