Lateral Movement Windows

on Mar 9, 2016

Like • Show 9 Likes9
Comment • 3

Lateral movement is a part of the kill chain. After an attack has taken place, which allows entry into a company’s internal environment, lateral movement is the process of elevating credentials and gaining access to additional internal systems. This document describes a package of content that contains a set of rules to monitor Windows systems for lateral movement.

Attachments

Threat Detection Report - Lateral Movement.docx1.4 MB

Outcomes

3 Comments

David Waugh Mar 14, 2016 11:17 AM
Hi I deployed the Lateral Movement content packs from Live onto a 10.6 machine. Unfortunately the App Rules seem to not be written in the format that is compliant for 10.6 in order to push the App Rules. Can we check that the rules meet the requirements for 10.6?

I downloaded the Live Content that appeared when searching using keyword lateral.
"Lateral Movement Indicator - Windows"
Lateral Movement Suspected Windows
1 person found this helpful
Like • Show 0 Likes0
Actions
- Jim Ward @ David Waugh on Mar 15, 2016 9:23 AM
  Hi David,
  
  We have not encountered this issue with 10.6 release. Were you able to figure it out?
  
  Thanks.
  2 people found this helpful
  Like • Show 0 Likes0
  Actions
  - David Waugh @ Jim Ward on Mar 16, 2016 5:12 AM
    Hi thanks Jim, yes i think it was because I was using a beta of 10.6. Thanks for the reply.
    1 person found this helpful
    Like • Show 0 Likes0
    Actions

Lateral Movement Windows

Attachments

Outcomes

Related Content

Incoming Links