LetsDefend Monitoring Alert

LSA PPL Protection Disabled via Reg.EXE

Jul, 09, 2024, 10:18 AM

Event ID: 274

Event Time: Jul, 09, 2024, 10:18 AM

Rule Name: SOC298 - LSA PPL Protection Disabled via Reg.EXE

Alert Type: Generic

MITRE Technique:
T1059.001 - Execution - Command and Scripting Interpreter: PowerShell,
T1078 - Initial Access - Valid Accounts,
T1059 - Execution - Command and Scripting Interpreter,
T1562 - Defense Evasion - Impair Defenses,
T1003.001 - Credential Access - OS Credential Dumping: LSASS Memory

Severity: Medium

Incident Responder
