- 필수 기능
- 앱 내
- 서비스 관리
- 인프라스트럭처
- 애플리케이션 성능
- 디지털 경험
- 소프트웨어 제공
- 보안
- 로그 관리
- 관리
- 인프라스트럭처
- ci
- containers
- csm
- ndm
- otel_guides
- overview
- slos
- synthetics
- tests
- 워크플로
Detect when ntdsutil is used in a suspicious manner, typically to access the ntds.dit file
Threat actors are known to utilize tools found natively in a victim’s environment to accomplish their objectives. Ntdsutil, a legitimate Windows binary, has been abused by malicious actors in the past to gain access to the ntds.dit file.
Requires Agent version 7.50.0 or greater.
This rule is a part of the beta for detections on Windows! If you would like to try the new Windows agent, create a support ticket and indicate that you wish to join the Cloud Security Management - Windows beta.