Lateral movement is a part of the kill chain. After an attack has gained entry into a company’s internal environment, lateral movement is the process of elevating credentials and gaining access to additional internal systems. This document describes a content package containing a set of rules that monitor Windows systems for lateral movement.
Hi, I deployed the Lateral Movement content packs from Live onto a 10.6 machine. Unfortunately, the App Rules seem not to be written in a format that is compliant with 10.6 in order to push the App Rules. Can we check that the rules meet the requirements for 10.6?
I downloaded the Live Content that appeared when searching using the keyword "lateral":
"Lateral Movement Indicator - Windows"
Lateral Movement Suspected Windows