Computer Discovery And Export Via Get-ADComputer Cmdlet

Rule Info

Id: 435e10e4-992a-4281-96f3-38b11106adde
Author: Nasreddine Bencherchali
Name: Computer Discovery And Export Via Get-ADComputer Cmdlet
Tags: attack.discovery DEMO attack.t1033
Date: 2022-11-10 00:00:00
Modified: 2022-11-17 00:00:00
Description: Detects usage of the Get-ADComputer cmdlet to collect computer information and output it to a file
Type: Community Rule

Rule History

Author                                       Date        Commit  Title
Nasreddine Bencherchali                      2022-11-18          Rule Dev
Nasreddine Bencherchali                      2022-11-17          fix: update selection
Nasreddine Bencherchali                      2022-11-17          feat: add another case to the selection
Nasreddine Bencherchali                      2022-11-11          fix: apply suggestions from code review
Nasreddine Bencherchali                      2022-11-10          fix: fix duplicates in id field
Nasreddine Bencherchali                      2022-11-10          fix: update rules with more cases
frack113                                     2022-10-28          order yaml
Florian Roth                                 2022-09-10          Update proc_creation_win_user_discovery_get_aduser.yml
nasreddine.bencherchali@nextron-systems.com  2022-09-09          Update proc_creation_win_user_discovery_get_aduser.yml
nasreddine.bencherchali@nextron-systems.com  2022-09-09          Big Update