Update credential_access_forced_authentication.toml
w0rk3r committed Jul 24, 2024
1 parent 56cbf83 commit dbf8fea
Showing 1 changed file with 2 additions and 2 deletions.
@@ -8,13 +8,13 @@ updated_date = "2024/07/22"
author = ["Elastic"]
description = """
Identifies a potential forced authentication. Attackers may attempt to force targets to authenticate to a Linux machine
controlled by them to capture hashes or to enable relay attacks.
controlled by them to capture hashes or enable relay attacks.
"""
from = "now-9m"
index = ["logs-endpoint.events.network-*", "logs-system.security-*"]
language = "eql"
license = "Elastic License v2"
name = "Potential Forced Authentication"
name = "Active Directory Forced Authentication from Linux Host"
references = [
"https://www.thehacker.recipes/a-d/movement/mitm-and-coerced-authentications/ms-efsr",
"https://www.thehacker.recipes/a-d/movement/mitm-and-coerced-authentications/ms-rprn",
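Review bot: The new `name` drops the word "Potential", so the alert title now presents a forced authentication as established while the `description` above it still says "Identifies a potential forced authentication"; analysts triage from the title, so keeping the hedge is worth considering, e.g. `name = "Potential Active Directory Forced Authentication from Linux Host"`. The description also never mentions Active Directory, so its first sentence no longer matches the narrower scope the name claims and should be aligned with it. The `updated_date` shown in the hunk header is still "2024/07/22" although the commit is dated Jul 24, 2024; if the project expects that field to track every rule edit, it should be bumped in this change. The `references` array continues outside the hunk and the rule query is not visible, so whether the detection logic is as specific as the new name implies cannot be confirmed from this page.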
