Kerberoasting spn request with RC4 encryption

Description

This search detects a potential Kerberoasting attack via service principal name requests.

Content Mapping

This content is not mapped to any local saved search.

Use Case

Security Monitoring

Category

Network Attack

Alert Volume

This search detects a potential Kerberoasting attack via service principal name requests.

SPL Difficulty

None

Journey

Stage 3

Data Sources

Anti-Virus or Anti-Malware
Application Data