Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Nterl0k - T1110.003 NTLM Bruteforce #2979

Merged

Conversation

nterl0k
Copy link
Contributor

@nterl0k nterl0k commented Mar 16, 2024

Details

A set of detections bult to detect anomalous behaviors using the NTLM Operational via organization domain controllers.

Pending splunk/attack_data#887

Checklist

  • Validate name matches <platform>_<mitre att&ck technique>_<short description> nomenclature
  • CI/CD jobs passed ✔️
  • Validated SPL logic.
  • Validated tags, description, and how to implement.
  • Verified references match analytic.

@ljstella ljstella requested review from ljstella and removed request for patel-bhavin and P4T12ICK July 29, 2024 15:24
@ljstella ljstella added this to the v4.38.0 milestone Jul 29, 2024
Copy link
Contributor

@ljstella ljstella left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

Thanks for you contribution @nterl0k. Only small change I had to make was one of the risk messages referencing a field that didn't exist in the search. Super easy fix. Thanks again!

@patel-bhavin patel-bhavin merged commit b91c4ec into splunk:develop Aug 6, 2024
4 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants