Description
NLTEST.EXE is a very powerful command-line utility that can be used to test Trust relationships and the state of Domain Controller replication in a Microsoft Windows NT Domain.
This rule will detect when it is being used to enumerate network trusts.
Required Info
Eventing Sources:
Target Operating Systems: Windows
Platforms: NA
Target ECS Version: 1.6.0
New fields required in ECS for this? NA
Related issues or PRs: NA
Optional Info
Example Data
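One way to express the detection described above, run over constructed process-start events (an added example, not part of the original issue and not the project's rule). The switch list (`/domain_trusts`, `/trusted_domains`), the `process.pe.original_file_name` check for renamed copies, and every sample event are assumptions made for illustration.

```python
# Added example: trust-enumeration check over ECS-style process events.
# The flag list and the original-file-name check are assumptions, not from the issue.
TRUST_FLAGS = {"/domain_trusts", "/trusted_domains"}  # nltest switches, compared lowercased

def get(event, dotted):
    """Read a dotted ECS field name from a nested dict; None if absent."""
    cur = event
    for key in dotted.split("."):
        if not isinstance(cur, dict) or key not in cur:
            return None
        cur = cur[key]
    return cur

def as_list(value):
    """ECS allows event.category / event.type as a scalar or an array."""
    return [] if value is None else value if isinstance(value, list) else [value]

def is_trust_enumeration(event):
    if ("process" not in as_list(get(event, "event.category"))
            or "start" not in as_list(get(event, "event.type"))):
        return False
    name = (get(event, "process.name") or "").lower()
    original = (get(event, "process.pe.original_file_name") or "").lower()
    # Match on the image name, or on the PE original name so a renamed copy still hits.
    if name != "nltest.exe" and original != "nltestrk.exe":
        return False
    args = {str(a).lower() for a in as_list(get(event, "process.args"))}
    return bool(args & TRUST_FLAGS)

def ev(name, args, original=None):
    """Build a constructed process-start event (sample data, not real telemetry)."""
    proc = {"name": name, "args": args}
    if original:
        proc["pe"] = {"original_file_name": original}
    return {"event": {"category": ["process"], "type": ["start"]}, "process": proc}

SAMPLE_EVENTS = [
    ev("nltest.exe", ["nltest.exe", "/domain_trusts", "/all_trusts"]),
    ev("nltest.exe", ["nltest.exe", "/sc_query:corp.example"]),   # secure-channel check
    ev("n.exe", ["n.exe", "/TRUSTED_DOMAINS"], original="nltestrk.exe"),  # renamed copy
    ev("cmd.exe", ["cmd.exe", "/c", "echo", "/domain_trusts"]),   # flag text, wrong binary
]

def detect(events):
    """Return the indexes of events that match the rule."""
    return [i for i, e in enumerate(events) if is_trust_enumeration(e)]
```

The secure-channel query and the `cmd.exe` line are included as negatives: the first is routine administration with the same binary, the second carries the switch text without running NLTEST.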