Use “>” to redirect information in the command line
Find information about network devices that is not stored in config files
Detects system information discovery commands
Detects System Information Discovery commands
Use of reg to get MachineGuid information
Use of systeminfo to get information
Use of hostname to get information
Detects a set of suspicious network related commands often used in recon stages
Domain user and group enumeration via network reconnaissance. Seen with APT29 and as a common tactic of other actors. Detects a set of RPC (remote procedure call) operations used to enumerate a domain controller. The rule was created based on the datasets and hackathon from https://github.com/OTRF/detection-hackathon-apt29