Detection rules › Sigma
Device Installation Blocked
Detects an installation of a device that is forbidden by the system policy
MITRE ATT&CK coverage
| Tactic | Techniques |
|---|---|
| Initial Access | T1200 Hardware Additions |
Event coverage
| Provider | Event ID | Title |
|---|---|---|
| Security-Auditing | 6423 | The installation of this device is forbidden by system policy. |