Windows Firewall Settings Have Been Changed

Original Source: [Sigma source]

Title: Windows Firewall Settings Have Been Changed
Status: test
Description:Detects activity when the settings of the Windows firewall have been changed
References:
-https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/dd364427(v=ws.10)
Author: frack113, Nasreddine Bencherchali (Nextron Systems)
Date: 2022-02-19
modified:2023-04-21
Tags:

-'attack.defense-evasion'
-'attack.t1562.004'

Logsource:

product: windows
service: firewall-as

Detection:
selection:
EventID:
-'2002'
-'2083'
-'2003'
-'2082'
-'2008'

condition:selection
Falsepositives:
Level: low

Sign Up to Personalize and Manage Your Detection

Windows Firewall Settings Have Been Changed