Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊
This analytic rule detects any registry value creation or modification of Windows firewall registry keys to allow network traffic. This could be an indication of defense evasion by an adversary to allow network traffic to/from a compromised host.
| Attribute | Value |
|---|---|
| Type | Analytic Rule |
| Solution | Malware Protection Essentials |
| ID | 056593d4-ca3b-47a7-be9d-d1d0884a1d36 |
| Severity | Medium |
| Status | Available |
| Kind | Scheduled |
| Tactics | DefenseEvasion |
| Techniques | T1562 |
| Required Connectors | CrowdStrikeFalconEndpointProtection, MicrosoftThreatProtection, SentinelOne, VMwareCarbonBlack, CiscoSecureEndpoint, TrendMicroApexOne, TrendMicroApexOneAma |
| Source | View on GitHub |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊
↑ Back to Analytic Rules · Back to Malware Protection Essentials