Allow Inbound Traffic In Firewall Rule

Description

The following analytic identifies a suspicious PowerShell command that allows inbound traffic to a specific local port within the public profile. This technique has been seen where an attacker wants remote access to a machine and obtains it by allowing the traffic in a firewall rule.

Allow Inbound Traffic In Firewall Rule Help

To successfully implement this search, you need to be ingesting PowerShell logs from your endpoints. Make sure you enable the registry settings needed to record this event.
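
The detection described above, as an added Python example run over constructed PowerShell log text; it is not the analytic's own search, which is not reproduced on this page. It assumes the command of interest is the `New-NetFirewallRule` cmdlet called with explicit `-Direction`, `-Action`, `-LocalPort` and `-Profile` parameters, and the event field names (`host`, `script`) are hypothetical.

```python
import re

# Assumptions: the cmdlet is New-NetFirewallRule with explicit parameters, and
# events are PowerShell log records parsed into dicts (hypothetical fields).
CMDLET = re.compile(r"\bNew-NetFirewallRule\b", re.IGNORECASE)
# "-Name value" pairs; the value is quoted or a bare token not starting with "-".
PARAM = re.compile(r"""(?<!\S)-(\w+)\s+("[^"]*"|'[^']*'|[^\s-]\S*)""")


def parse_params(statement):
    """Return {lowercased parameter name: unquoted value} for one statement."""
    return {name.lower(): value.strip("\"'")
            for name, value in PARAM.findall(statement)}


def is_inbound_allow_public(script_text):
    """True if a statement adds an inbound allow rule for a local port
    that applies to the Public profile."""
    joined = script_text.replace("`\n", " ")  # undo backtick line continuation
    for statement in re.split(r"[;\n|]", joined):
        if not CMDLET.search(statement):
            continue
        p = parse_params(statement)
        profiles = {v.strip().lower() for v in p.get("profile", "").split(",")}
        if (p.get("direction", "").lower() == "inbound"
                and p.get("action", "").lower() == "allow"
                and "localport" in p
                and "public" in profiles):
            return True
    return False


# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {"host": "ws-01", "script": 'New-NetFirewallRule -DisplayName "svc" -Direction Inbound '
                                "-LocalPort 8443 -Protocol TCP -Action Allow -Profile Public"},
    {"host": "ws-02", "script": "new-netfirewallrule -Profile Private,Public -Action allow "
                                "-direction inbound -LocalPort 5985 -DisplayName x"},
    {"host": "ws-03", "script": "New-NetFirewallRule -DisplayName out -Direction Outbound "
                                "-RemotePort 443 -Action Allow -Profile Public"},
    {"host": "ws-04", "script": "New-NetFirewallRule -DisplayName lab -Direction Inbound "
                                "-LocalPort 8080 -Action Allow -Profile Domain"},
    {"host": "ws-05", "script": "Get-NetFirewallRule -Direction Inbound -Action Allow"},
]


def detect(events):
    """Return the hosts whose script text matches the rule."""
    return [e["host"] for e in events if is_inbound_allow_public(e["script"])]
```

Calling `detect(SAMPLE_EVENTS)` flags only the two hosts whose rule is inbound, allowed, bound to a local port and applied to the Public profile; the outbound rule, the Domain-only rule and the read-only query are ignored.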
