The following analytic identifies suspicious PowerShell execution using Script Block Logging (EventCode 4104). It leverages specific patterns and keywords within the ScriptBlockText field to detect ...
It provides information not only on preparing for an incident, but also what to do during and after. Source is available on GitHub. Phantom Community Playbooks - Phantom Community Playbooks for Splunk ...