ford8k
Copper Contributor
Nov 04, 2019

Log sources for process creation (4688) events from endpoints

Hi, I noticed that lots of the use cases in Sentinel are driven by process creation events - 4688 in the Security event log; suspicious PowerShell command lines, for example. Is Microsoft's id...
