ADFS Database Named Pipe Connection #4587

celalettin-turgut · 2023-11-22T13:12:48Z

Rule UUID

id: 1ea13e8c-03ea-409b-877d-ce5c3d2c1cb3

Example EventLog

"Pipe Connected:
eventID:18
EventType: ConnectPipe
UtcTime: 2023-11-19 19:57:25.549
ProcessId: 2416
PipeName: \MICROSOFT##WID\tsql\query
Image: C:\Windows\WID\Binn\sqlwriter.exe
Microsoft-Windows-Sysmon"

Description

This sysmon event with eventid: 18 is a common false positive.

celalettin-turgut added the False-Positive Issue reporting a false positive with one of the rules label Nov 22, 2023

celalettin-turgut assigned nasbench Nov 22, 2023

nasbench added the Work In Progress Some changes are needed label Nov 22, 2023

nasbench linked a pull request Nov 22, 2023 that will close this issue

Fixes & Updates #4577

Merged

nasbench mentioned this issue Nov 22, 2023

Fixes & Updates #4577

Merged

nasbench removed the Work In Progress Some changes are needed label Nov 30, 2023

nasbench closed this as completed in #4577 Dec 21, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

ADFS Database Named Pipe Connection #4587

ADFS Database Named Pipe Connection #4587

celalettin-turgut commented Nov 22, 2023

ADFS Database Named Pipe Connection #4587

ADFS Database Named Pipe Connection #4587

Comments

celalettin-turgut commented Nov 22, 2023

Rule UUID

Example EventLog

Description