RDP Sensitive Settings Changed (3f6b7b62-61aa-45db-96bd-9c31b36b653c)
Detects tampering of RDP Terminal Service/Server sensitive settings. Such as allowing unauthorized users access to a system via the 'fAllowUnsolicited' or enabling RDP via 'fDenyTSConnections'...etc
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| RDP Sensitive Settings Changed (3f6b7b62-61aa-45db-96bd-9c31b36b653c) | Sigma-Rules | Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) | Attack Pattern | 1 |