new: New Firewall Rule Added In Windows Firewall Exception List Via WmiPrvSE.EXE
new: New Windows Firewall Rule Added Via New-NetFirewallRule Cmdlet
new: New Windows Firewall Rule Added Via New-NetFirewallRule Cmdlet - ScriptBlock
update: New Firewall Rule Added In Windows Firewall Exception List For Potential Suspicious Application - Add new EID and paths
update: Uncommon New Firewall Rule Added In Windows Firewall Exception List - Add new EID and paths
Summary of the Pull Request
Commandline:
New-NetFirewallRule -DisplayName "New rule" -Direction "Inbound" -LocalPort "21" -Protocol "TCP" -Action Allow
Changelog
new: New Firewall Rule Added In Windows Firewall Exception List Via WmiPrvSE.EXE
new: New Windows Firewall Rule Added Via New-NetFirewallRule Cmdlet
new: New Windows Firewall Rule Added Via New-NetFirewallRule Cmdlet - ScriptBlock
update: New Firewall Rule Added In Windows Firewall Exception List For Potential Suspicious Application - Add new EID and paths
update: Uncommon New Firewall Rule Added In Windows Firewall Exception List - Add new EID and paths
Example Log Event
Fixed Issues
SigmaHQ Rule Creation Conventions
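An added triage example, not part of this pull request and not the SigmaHQ rules themselves: it parses a logged New-NetFirewallRule command line, such as the one in the summary above, and reports whether it opens an inbound allow rule. The function names and sample command lines are constructed for illustration; it assumes the cmdlet's documented defaults (Direction Inbound, Action Allow) and PowerShell's parameter-prefix matching.

```python
import re

CMDLET = re.compile(r"\bNew-NetFirewallRule\b", re.IGNORECASE)
# "-Name value", "-Name:value" or a bare switch; values may be quoted.
PARAM = re.compile(
    r"""(?<=\s)-([A-Za-z]+)(?:[\s:]+("[^"]*"|'[^']*'|[^\s'"-]\S*))?""")

def parse_params(cmdline):
    """Return {param_name_lower: value} for the cmdlet call, or None if absent."""
    m = CMDLET.search(cmdline)
    if not m:
        return None
    return {name.lower(): value.strip("'\"")
            for name, value in PARAM.findall(cmdline[m.end():])}

def lookup(params, full_name, default):
    """Resolve a parameter, accepting PowerShell prefixes such as -Dir or -Act."""
    for key, value in params.items():
        if full_name.startswith(key):
            return value.lower()
    return default

def summarize(cmdline):
    params = parse_params(cmdline)
    if params is None:
        return None
    # Assumption: omitted -Direction / -Action fall back to Inbound / Allow.
    direction = lookup(params, "direction", "inbound")
    action = lookup(params, "action", "allow")
    return {"direction": direction, "action": action,
            "local_port": lookup(params, "localport", None),
            "inbound_allow": direction == "inbound" and action == "allow"}

# Constructed sample command lines; the first is the one from the PR summary.
SAMPLES = [
    'New-NetFirewallRule -DisplayName "New rule" -Direction "Inbound" '
    '-LocalPort "21" -Protocol "TCP" -Action Allow',
    'powershell.exe -c "new-netfirewallrule -Name x -Dir Inbound -Act Allow '
    '-LocalPort 8080 -Protocol TCP"',
    "New-NetFirewallRule -DisplayName 'Block telnet' -Direction Outbound "
    "-RemotePort 23 -Protocol TCP -Action Block",
    'New-NetFirewallRule -DisplayName "defaults" -LocalPort 8443 -Protocol TCP',
    'Get-NetFirewallRule -DisplayName "New rule"',
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(summarize(line), "<-", line)
```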