This analytic rule detects use of the recovery tools vssadmin, wbadmin, wmic and bcdedit to delete backup files or change recovery configuration. Adversaries may use these tools to delete shadow copies and backup files to prevent recovery of files. https://attack.mitre.org/techniques/T1490/
| Attribute | Value |
|---|---|
| Type | Analytic Rule |
| Solution | Malware Protection Essentials |
| ID | 259de2c1-c546-4c6d-a17c-df639722f4d7 |
| Severity | High |
| Status | Available |
| Kind | Scheduled |
| Tactics | Impact |
| Techniques | T1490 |
| Required Connectors | CrowdStrikeFalconEndpointProtection, MicrosoftThreatProtection, SentinelOne, VMwareCarbonBlack, CiscoSecureEndpoint, TrendMicroApexOne, TrendMicroApexOneAma |
| Source | View on GitHub |