Techniques
Sample rules
New PortProxy Registry Entry Added
- source: sigma
- technicques:
- t1090
Description
Detects the modification of the PortProxy registry key which is used for port forwarding.
Detection logic
condition: selection
selection:
TargetObject|contains: \Services\PortProxy\v4tov4\tcp\