Rule Info
Name: ETW Trace Session Reached Maximum Size
Author: Nasreddine Bencherchali (Nextron Systems)
Description: Detects events where an ETW session has reached its maximum size. A session reaching its maximum size could lead to events being lost and a temporary blind spot on the system.
Reference: Internal Research
Date: 2024-01-24 00:00:00
Modified: None
Id: d2aa582a-6620-414b-a656-0b29887c20ac
Tags: attack.defense-evasion
Type: Nextron Sigma feed only (private)