{"id":288,"date":"2024-12-04T10:35:29","date_gmt":"2024-12-04T09:35:29","guid":{"rendered":"https:\/\/cyber-resilience.mobi\/?p=288"},"modified":"2024-12-04T10:35:29","modified_gmt":"2024-12-04T09:35:29","slug":"recherche-les-modifications-du-port-rdp-remote-desktop-protocol-dans-le-registre-windows-en-se-concentrant-sur-les-changements-effectues-au-cours-des-dernieres-24-heures-et-excluant-les-modificatio","status":"publish","type":"post","link":"https:\/\/cyber-resilience.mobi\/?p=288","title":{"rendered":"Recherche les modifications du port RDP (Remote Desktop Protocol) dans le registre Windows, en se concentrant sur les changements effectu\u00e9s au cours des derni\u00e8res 24 heures et excluant les modifications vers le port par d\u00e9faut (3389)"},"content":{"rendered":"\n<pre class=\"wp-block-code\"><code>let Timeframe = 1d; \/\/ Choose the best timeframe for your investigation (24h here; widen it when hunting rather than triaging a fresh alert)\nDeviceRegistryEvents\n| where Timestamp > ago(Timeframe)\n| where RegistryKey == @\"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Terminal Server\\WinStations\\RDP-Tcp\"\n\/\/ NOTE(review): the key path is pinned to ControlSet001 with an exact match. If the sensor records the path under CurrentControlSet or another ControlSetNNN, this filter silently drops the event; confirm against live DeviceRegistryEvents data, or match on the key suffix instead.\n| where RegistryValueName == @\"PortNumber\"\n| where RegistryValueData != @\"3389\"\n\/\/ Excluding the default port is deliberate: only moves AWAY from 3389 are surfaced, so a change back to 3389 (for example an attacker restoring the default after use) is not shown by this query.\n| where ActionType == @\"RegistryValueSet\"\n\/\/ NOTE(review): the new port value (RegistryValueData) is filtered on but not projected, and the initiating account and command line are not shown; add them to the project list so an analyst can see where RDP was moved to and by whom.\n| project Timestamp, DeviceName, PreviousRegistryValueName, PreviousRegistryValueData, InitiatingProcessFileName\n<\/code><\/pre>\n","protected":false},"excerpt":{"rendered":"","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[20],"tags":[18,19,22,29,30],"class_list":["post-288","post","type-post","status-publish","format-standard","hentry","category-kql-sentinel","tag-kql","tag-kusto","tag-sentinel","tag-siem","tag-xdr"],"_links":{"self":[{"href":"https:\/\/cyber-resilience.mobi\/index.php?rest_route=\/wp\/v2\/posts\/288","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cyber-resilience.mobi\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cyber-resilience.mobi\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cyber-resilience.mobi\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cyber-resilience.mobi\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=288"}],"version-history":[{"count":1,"href":"https:\/\/cyber-resilience.mobi\/index.php?rest_route=\/wp\/v2\/posts\/288\/revisions"}],"predecessor-version":[{"id":289,"href":"https:\/\/cyber-resilience.mobi\/index.php?rest_route=\/wp\/v2\/posts\/288\/revisions\/289"}],"wp:attachment":[{"href":"https:\/\/cyber-resilience.mobi\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=288"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cyber-resilience.mobi\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=288"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cyber-resilience.mobi\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=288"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}