Modify System Firewall (323ff3f5-0013-4847-bbd4-250b5edb62cc)
Detects the removal of system firewall rules. Adversaries may delete or modify only a specific system firewall rule to bypass controls limiting network usage or access. Detection rules that match only on the disabling of firewalls will miss this.
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Modify System Firewall (323ff3f5-0013-4847-bbd4-250b5edb62cc) | Sigma-Rules | Disable or Modify System Firewall - T1686 (eec096b8-c207-43df-b6c1-11523861e452) | Attack Pattern | 1 |