LetsDefend Monitoring Alert

Unauthorized Access to NTDS.dit File Detected

Aug, 23, 2024, 12:19 PM

Event ID: 292

Event Time: Aug, 23, 2024, 12:19 PM

Rule Name: SOC314 - Unauthorized Access to NTDS.dit File Detected

Alert Type: Unauthorized Access

MITRE Technique:
T1059.001 - Execution - Command and Scripting Interpreter: PowerShell,
T1003 - Credential Access - OS Credential Dumping,
T1105 - Command and Control - Ingress Tool Transfer,
T1006 - Defense Evasion - Direct Volume Access,
T1003.003 - Credential Access - OS Credential Dumping: NTDS

Severity: High

Incident Responder
