Windows Firewall Disabled via PowerShell (12f6b752-042d-483e-bf9c-915a6d06ad75)
Detects attempts to disable the Windows Firewall using PowerShell
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) | Attack Pattern | Windows Firewall Disabled via PowerShell (12f6b752-042d-483e-bf9c-915a6d06ad75) | Sigma-Rules | 1 |