Suspicious Program Location Whitelisted In Firewall Via Netsh.EXE (a35f5a72-f347-4e36-8895-9869b0d5fc6d)

Detects Netsh command execution that whitelists a program located in a suspicious location in the Windows Firewall

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
Suspicious Program Location Whitelisted In Firewall Via Netsh.EXE (a35f5a72-f347-4e36-8895-9869b0d5fc6d)	Sigma-Rules	Windows Host Firewall - T1686.003 (291ede6c-1473-454c-b614-5ac5ea63c987)	Attack Pattern	1
Disable or Modify System Firewall - T1686 (eec096b8-c207-43df-b6c1-11523861e452)	Attack Pattern	Windows Host Firewall - T1686.003 (291ede6c-1473-454c-b614-5ac5ea63c987)	Attack Pattern	2