NTLMv1 Logon Between Client and Server (e9d4ab66-a532-4ef7-a502-66a9e4a34f5d)

Detects the reporting of NTLMv1 being used between a client and server. NTLMv1 is insecure as the underlying encryption algorithms can be brute-forced by modern hardware.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| NTLMv1 Logon Between Client and Server (e9d4ab66-a532-4ef7-a502-66a9e4a34f5d) | Sigma-Rules | Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e) | Attack Pattern | 1 |
| Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814) | Attack Pattern | Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e) | Attack Pattern | 2 |