Commit

add adws
olafhartong committed Jun 21, 2023
1 parent fed8170 commit e0ce667
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions 3_network_connection_initiated/include_ports_suspicous.xml
Expand Up @@ -15,6 +15,7 @@
<DestinationPort name="technique_id=T1021,technique_name=Remote Services" condition="is">5900</DestinationPort> <!--VNC protocol-->
<DestinationPort name="technique_id=T1021,technique_name=Remote Services" condition="is">5985</DestinationPort> <!--WinRM protocol-->
<DestinationPort name="technique_id=T1021,technique_name=Remote Services" condition="is">5986</DestinationPort> <!--WinRM protocol-->
<DestinationPort name="technique_id=T1087.002,technique_name=Account Discovery: Domain Account" condition="is">9389</DestinationPort> <!--ADWS port-->
</NetworkConnect>
</RuleGroup>
</EventFiltering>
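Review bot: the added 9389 line matches on destination port alone, so any process that connects to ADWS is tagged T1087.002, including routine administration through the ActiveDirectory PowerShell module or Active Directory Administrative Center. Consider pairing this include with an exclusion for known management tooling, or at least noting the expected noise in the comment. The comment would also read better spelled out, for example `<!--Active Directory Web Services (ADWS)-->`, since the neighbouring lines name their protocols in full enough to be searchable.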

0 comments on commit e0ce667