alert:
- debug
description: Detects netsh commands that configure a port forwarding of port 3389 used for RDP
filter:
- query:
    query_string:
      query: data.win.eventdata.commandLine.keyword:(netsh\ i*\ p*\=3389\ c*)
index: wazuh-alerts-3.x-*
name: 782d6f3e-4c5d-4b8c-92a3-1d05fed72e63_0
priority: 2
realert:
  minutes: 0
type: any