This analytic rule detects the creation or modification of any registry value under the print processor registry Driver key. A value set there causes the referenced executable to be loaded at startup with the Print Spooler service. This could be an indication of a persistence attempt by an adversary.

| Attribute | Value |
|---|---|
| Type | Analytic Rule |
| Solution | Malware Protection Essentials |
| ID | 7edde3d4-9859-4a00-b93c-b19ddda55320 |
| Severity | Medium |
| Status | Available |
| Kind | Scheduled |
| Tactics | Persistence, PrivilegeEscalation |
| Techniques | T1547 |
| Required Connectors | CrowdStrikeFalconEndpointProtection, MicrosoftThreatProtection, SentinelOne, VMwareCarbonBlack, CiscoSecureEndpoint, TrendMicroApexOne, TrendMicroApexOneAma |
| Source | View on GitHub |