RDP Sensitive Settings Changed to Zero (a2863fbc-d5cb-48d5-83fb-d976d4b1743b)
Detects tampering of RDP Terminal Service/Server sensitive settings. Such as allowing unauthorized users access to a system via the 'fAllowUnsolicited' or enabling RDP via 'fDenyTSConnections', etc.
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) | Attack Pattern | RDP Sensitive Settings Changed to Zero (a2863fbc-d5cb-48d5-83fb-d976d4b1743b) | Sigma-Rules | 1 |