Find information about network devices that is not stored in config files
This rule detect common flag combinations used by CrackMapExec in order to detect its use even if the binary has been replaced.
Detects when the password policy is enumerated.
Detetcts PowerShell activity in which Get-Addefaultdomainpasswordpolicy is used to get the default password policy for an Active Directory domain.
Detects password policy discovery commands