Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊
This query detects potential attempts to remotely access to the print spooler service on Active Directory Domain Controllers which could indicate an exploitation of MS-RPRN printer bug from a server that is configured with unconstrained delegation.
| Attribute | Value |
|---|---|
| Type | Hunting Query |
| Solution | Windows Security Events |
| ID | c29a03c6-d074-4934-afae-df1aeb30da70 |
| Tactics | PrivilegeEscalation |
| Techniques | T1134 |
| Required Connectors | SecurityEvents, WindowsSecurityEvents |
| Source | View on GitHub |
This content item queries data from the following tables:
| Table | Selection Criteria | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|---|
SecurityEvent |
EventID == "5145" |
✓ | ✓ | ? |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊