LoFP / other currently unknown false positives

Techniques

Sample rules

Weak or Abused Passwords In CLI

Description

Detects weak passwords, or passwords that threat actors have often been seen to abuse, passed on the command line. A typical example is a threat actor creating a new user with the net command and supplying the password inline.

Detection logic

condition: selection
selection:
  CommandLine|contains:
    - '123456789'
    - '123123qwE'
    - 'Asd123.aaaa'
    - 'Decryptme'
    - 'P@ssw0rd!'
    - 'Pass8080'
    - 'password123'
    - 'test@202'
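The selection above, applied to a few constructed process-creation events, as an added example that is not part of the LoFP page or the Sigma rule. It assumes Sysmon-style field names (Image, CommandLine) and Sigma's default case-insensitive string matching; the third event shows the kind of benign hit this false-positive category covers.

```python
# Added example: evaluate the rule's CommandLine|contains selection over
# constructed events. Not code from LoFP or the rule author.

# Tokens copied from the rule's selection. Sigma string matching is
# case-insensitive unless the |cased modifier is used, so we compare lowercased.
WEAK_PASSWORD_TOKENS = [
    "123456789", "123123qwE", "Asd123.aaaa", "Decryptme",
    "P@ssw0rd!", "Pass8080", "password123", "test@202",
]


def match_weak_password(command_line: str) -> list[str]:
    """Return the selection tokens found as substrings of command_line."""
    haystack = command_line.lower()
    return [t for t in WEAK_PASSWORD_TOKENS if t.lower() in haystack]


def run_detection(events: list[dict]) -> list[dict]:
    """Evaluate 'condition: selection' over process-creation events.

    Each returned dict carries the event plus the tokens that fired, so an
    analyst can judge whether the hit is a password or an unrelated string.
    """
    hits = []
    for event in events:
        tokens = match_weak_password(event.get("CommandLine", ""))
        if tokens:  # selection matched, so the condition is true
            hits.append({**event, "matched": tokens})
    return hits


# Constructed sample events (assumed field names follow Sysmon Event ID 1).
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\net.exe",
     "CommandLine": "net user svc_backup P@ssw0rd! /add"},            # true positive
    {"Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "cmd /c echo build finished"},                   # no match
    {"Image": r"C:\Python311\python.exe",
     "CommandLine": "python train.py --dataset 123456789_samples.csv"},  # benign hit
]

if __name__ == "__main__":
    for hit in run_detection(SAMPLE_EVENTS):
        print(hit["Image"], "->", hit["matched"])
```

The benign hit comes from a numeric identifier that happens to contain a listed token, which is why triage should look at the matched token together with the parent process and the rest of the command line.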