Skip to content

Commit

Permalink
Update registry_event_net_ntlm_downgrade.yml
Browse files Browse the repository at this point in the history
  • Loading branch information
nasbench authored Dec 3, 2024
1 parent 8927a4b commit b7057c5
Showing 1 changed file with 1 addition and 1 deletion.
Original file line number Diff line number Diff line change
Expand Up @@ -34,7 +34,7 @@ detection:
- 'DWORD (0x00000010)' # Only Integrity
- 'DWORD (0x00000020)' # Only confidentiality
- 'DWORD (0x00000030)' # Both Integrity and confidentiality
selection_value_ntlmminclientsec:
selection_value_restrictsendingntlmtraffic:
# Note: The obvious values with issues are 0x00000000 (allow all) and 0x00000001 (audit).
# 0x00000002 can be secure but only if "ClientAllowedNTLMServers" is properly configured
# Hence all values should be monitored and investigated
Expand Down

0 comments on commit b7057c5

Please sign in to comment.