mirror of
https://github.com/valitydev/SigmaHQ.git
synced 2024-11-07 01:45:21 +00:00
fix: rule
This commit is contained in:
parent
9eb55016bf
commit
0489d4bfa4
@ -18,14 +18,14 @@ logsource:
|
||||
service: security
|
||||
definition: 'Requirements: Audit Policy : Object Access > Audit Registry (Success)'
|
||||
detection:
|
||||
selection2:
|
||||
selection:
|
||||
EventID: 4657
|
||||
ObjectName: '\REGISTRY\MACHINE\SYSTEM\\*ControlSet*\Control\Lsa*'
|
||||
ObjectValueName:
|
||||
- 'LmCompatibilityLevel'
|
||||
- 'NtlmMinClientSec'
|
||||
- 'RestrictSendingNTLMTraffic'
|
||||
condition: 1 of them
|
||||
condition: selection
|
||||
falsepositives:
|
||||
- Unknown
|
||||
level: critical
|
Loading…
Reference in New Issue
Block a user