ZeroLogon (CVE-2020-1472)
An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC). An attacker who successfully exploited the vulnerability could run a specially crafted application on a device on the network.
This package includes the following rules, which help detect the ZeroLogon vulnerability and attack using ArcSight ESM:
Mimikatz Outbound RPC Connection to DC
ZeroLogon Attack Detected
ZeroLogon Vulnerability Detected
ArcSight ESM 7.0
Refer to the Release Notes - Zerologon.docx, which is included with this package.