Suspicious Program Location Whitelisted In Firewall Via Netsh.EXE (a35f5a72-f347-4e36-8895-9869b0d5fc6d)

Detects Netsh command execution that whitelists, in the Windows Firewall, a program stored in a suspicious location.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| Suspicious Program Location Whitelisted In Firewall Via Netsh.EXE (a35f5a72-f347-4e36-8895-9869b0d5fc6d) | Sigma-Rules | Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b) | Attack Pattern | 1 |
| Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b) | Attack Pattern | Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) | Attack Pattern | 2 |