Product
high
advisory
Suspicious Firewall Modification to Allow Network Discovery
2 rulesDetection of 'netsh' command execution to enable network discovery in the firewall, a technique commonly used by ransomware such as REvil and RedDot to discover and compromise additional machines on the network.
Splunk Enterprise +3
ransomware
lateral-movement
windows
2r
high
advisory
Firewall Modification for File and Printer Sharing
2 rules 1 TTPThis analytic detects the modification of Windows Firewall settings to enable file and printer sharing, a common technique used by ransomware to facilitate lateral movement and broader network encryption.
Splunk Enterprise +3
ransomware
lateral-movement
windows
2r
1t