Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊
'Identifies when an account is enabled with a default password and the password is not set by the user within 48 hours. Effectively, there is an event 4722 indicating an account was enabled and within 48 hours, no event 4723 occurs which indicates there was no attempt by the user to set the password. This will show any attempts (success or fail) that occur after 48 hours, which can indicate too long of a time period in setting the password to something that only the user knows. It is recommended
| Attribute | Value |
|---|---|
| Type | Analytic Rule |
| Solution | Windows Security Events |
| ID | 62085097-d113-459f-9ea7-30216f2ee6af |
| Severity | Low |
| Status | Available |
| Kind | Scheduled |
| Tactics | Persistence |
| Techniques | T1098 |
| Required Connectors | SecurityEvents, WindowsSecurityEvents |
| Source | View on GitHub |
This content item queries data from the following tables:
| Table | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|
SecurityEvent |
✓ | ✓ | ? |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊