Detect Credential Dumping Through LSASS Access
Description
This search looks for reads of LSASS memory that are consistent with credential dumping.
Content Mapping
This content is not mapped to any local saved search.
Help
This search needs Sysmon logs and a Sysmon configuration that includes EventCode 10 with lsass.exe. This search uses an input macro named
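An added example, not the Splunk search from this page: Python that applies the logic described above to constructed Sysmon EventCode 10 records in Windows Event XML. Treating the PROCESS_VM_READ bit (0x0010) of GrantedAccess as the sign of a memory read is an assumption, as are the sample records and the function names.

```python
import ntpath
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
PROCESS_VM_READ = 0x0010  # Windows access right needed to read another process's memory

def parse_event(xml_text):
    """Return (event_id, {field: value}) for one Windows Event XML record."""
    root = ET.fromstring(xml_text)
    event_id = int(root.findtext("e:System/e:EventID", namespaces=NS))
    data = {d.get("Name"): (d.text or "") for d in root.iterfind("e:EventData/e:Data", NS)}
    return event_id, data

def is_lsass_memory_read(event_id, data):
    """True for EventCode 10 targeting lsass.exe with PROCESS_VM_READ granted (assumed rule)."""
    if event_id != 10:
        return False
    # Compare the file name only, so "notlsass.exe" does not match.
    if ntpath.basename(data.get("TargetImage", "")).lower() != "lsass.exe":
        return False
    try:
        mask = int(data.get("GrantedAccess", ""), 16)
    except ValueError:
        return False  # missing or malformed mask: nothing to evaluate
    return bool(mask & PROCESS_VM_READ)

def detect(xml_events):
    """Return (SourceImage, GrantedAccess) for every matching event."""
    hits = []
    for xml_text in xml_events:
        event_id, data = parse_event(xml_text)
        if is_lsass_memory_read(event_id, data):
            hits.append((data.get("SourceImage", ""), data["GrantedAccess"]))
    return hits

def _event(event_id, source, target, access):
    return (f'<Event xmlns="{NS["e"]}"><System><EventID>{event_id}</EventID></System>'
            f'<EventData><Data Name="SourceImage">{source}</Data>'
            f'<Data Name="TargetImage">{target}</Data>'
            f'<Data Name="GrantedAccess">{access}</Data></EventData></Event>')

SAMPLE_EVENTS = [  # constructed records, trimmed to the fields used here
    _event(10, r"C:\Users\Public\tool.exe", r"C:\Windows\system32\lsass.exe", "0x1010"),
    _event(10, r"C:\Windows\System32\svchost.exe", r"C:\Windows\system32\lsass.exe", "0x1000"),
    _event(10, r"C:\Temp\a.exe", r"C:\Temp\notlsass.exe", "0x1010"),
    _event(1, r"C:\Temp\a.exe", r"C:\Windows\system32\lsass.exe", "0x1010"),
]

if __name__ == "__main__":
    print(detect(SAMPLE_EVENTS))
```

Only the first sample record matches: the second is granted 0x1000, which does not include the read bit, the third targets a different image, and the fourth is not EventCode 10.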