SentinelOne security software flags ONTAP for privilege escalation, attempting to modify ntds.dit
Applies to
- ONTAP 9
- SentinelOne
- CIFS
Issue
- SentinelOne security software reports the following for the ONTAP CIFS server:
Desc: Privilege Escalation Process attempted to patch the NTDS file
Commands: File[ Path: "\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy33\Windows\NTDS\ntds.dit
Name: Lateral Movement 10.20.30.40 DOMAIN\CIFSSVM01$ (interactive session)
Date Discovered: 2024-06-05 23:18:16 EST
URL: https://usea1-nyl.sentinelone.net/in...07465/overview
Path: 10.20.30.40 (DOMAIN\CIFSSVM01$)
Process User: DOMAIN\CIFSSVM01$
Signature Verification: NotSigned
SHA1: <hash>
SHA256: <hash>
MD5: <hash>
Initiated By: Agent Policy
Engine: Lateral Movement
Detection type: Dynamic
Classification: Malware
Storyline: <integer>
Threat Id: 1966416357491607465
Endpoint Info:
Computer Name: DC01
Domain: DOMAIN
IP v4 Address: 50.60.70.80