Creation of a New Firewall Rule Via New-NetFirewallRule Cmdlet - ScriptBLock

Rule Info

Name
Creation of a New Firewall Rule Via New-NetFirewallRule Cmdlet - ScriptBLock
Author
Nasreddine Bencherchali (Nextron Systems)
Description
Detects the execution of "New-NetFirewallRule" to create a new inbound or outbound firewall rule.
Reference
https://learn.microsoft.com/en-us/powershell/module/netsecurity/new-netfirewallrule?view=windowsserver2022-ps
Date
2024-04-29 00:00:00
Modified
None
Id
7580338a-b5da-497b-a968-6d42b9a8ffae
Tags
attack.defense_evasion attack.t1562.004
Type
Nextron Sigma feed only (private)

Rule History

THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022