Rule Info
Name
ETW Logging/Processing Option Disabled On IIS Server
Author
frack113, Nasreddine Bencherchali
Description
Detects changes to the IIS server configuration that disable or remove the ETW logging/processing option.
Reference
Date
2024-10-06 00:00:00
Modified
None
Id
a5b40a90-baf5-4bf7-a6f7-373494881d22
Tags
attack.defense-evasion attack.t1562.002 attack.t1505.004 DEMO
Type
Community Rule
Link to Public Repo
Rule History
Author
Title
Date
Commit
frack113
Merge PR #4935 from @frack113 - Add new IIS logsource and related rules
2024-10-06