Skip to content

Hide Navigation Hide TOC

Modify System Firewall (323ff3f5-0013-4847-bbd4-250b5edb62cc)

Detects the removal of system firewall rules. Adversaries may only delete or modify a specific system firewall rule to bypass controls limiting network usage or access. Detection rules that match only on the disabling of firewalls will miss this.

Cluster A Galaxy A Cluster B Galaxy B Level
Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b) Attack Pattern Modify System Firewall (323ff3f5-0013-4847-bbd4-250b5edb62cc) Sigma-Rules 1
Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b) Attack Pattern Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) Attack Pattern 2