Detect Activity Related To Pass The Hash Attacks
This search looks for specific authentication events from the Windows Security Event logs to detect potential attempts at using the Pass-the-Hash technique.
Detect Activity Related To Pass The Hash Attacks Help
To successfully implement this search, you must ingest your Windows Security Event logs and leverage the latest TA for Windows.
Open in Search