Forum Discussion
StarScream
Mar 17, 2023
Copper Contributor
Hunting suspicious PowerShell activity in Defender
Hello Defender 365 Community. I'm looking for information on how PowerShell cmdlets and scripts are being monitored and captured by Defender ATP. I did not find any clear answer, but my assumption is t...
Rod_Trent
Microsoft
Mar 17, 2023
Here's a couple KQL queries that may help explain it and the tables the information comes from...
https://github.com/rod-trent/SentinelKQL/blob/master/PowerShellExecutionwithDownload.txt