May 19 2022 11:10 AM
Hi,
I am trying to write a KQL query to detect malicious PowerShell scripts created by a bad actor and be notified when those scripts are executed. What are the attributes that would identify a script as malicious? What are the key differences between operating system PowerShell scripts and third-party scripts, and would this information be useful for spotting the bad ones?
Thanks
May 20 2022 04:44 AM