Techniques
Sample rules
Remote Event Log Recon
- source: sigma
- techniques:
Description
Detects remote RPC calls to get event log information via EVEN or EVEN6
Detection logic
condition: selection
selection:
  EventID: 3
  EventLog: RPCFW
  InterfaceUuid:
    - 82273fdc-e32a-18c3-3f78-827929dc23ea
    - f6beaff7-1e19-4fbb-9f8f-b89e2018337c