yara-lApache-2.0from chronicle/detection-rules
adfs_db_suspicious_named_pipe_connection
Connection to ADFS via named pipes that are not using specific Windows ADFS processes may be indicative of user attempting to access ADFS for suspicious purposes
Quality
90
FP risk
—
Forks
0
Views
0
Rule source🔒 locked
🔒
Sign in to view the rule source
Free accounts can view the source for the top-ranked rules. Create one in seconds — no credit card required.
Sign in →