Powershell Add Name Resolution Policy Table Rule (4368354e-1797-463c-bc39-a309effbe8d7)
Detects powershell scripts that adds a Name Resolution Policy Table (NRPT) rule for the specified namespace. This will bypass the default DNS server and uses a specified server for answering the query.
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Powershell Add Name Resolution Policy Table Rule (4368354e-1797-463c-bc39-a309effbe8d7) | Sigma-Rules | Data Manipulation - T1565 (ac9e6b22-11bf-45d7-9181-c1cb08360931) | Attack Pattern | 1 |