Rule Info
Name
Microsoft Defender For Endpoint Service Shutdown
Author
Nasreddine Bencherchali (Nextron Systems)
Description
Detects instances where the Microsoft Defender for Endpoint service has shutdown.
Occurs when the device is shut down or offboarded.
Date
2024-07-09 00:00:00
Modified
None
Id
f77f7585-11c2-4ec4-b563-d55043f8dde5
Tags
attack.defense-evasion
Type
Nextron Sigma feed only (private)