Sep 13 2017
- last edited on
Nov 30 2021
With the lightweight gateway, we are not seeing user information in the suspicious activity reports. Do advanced security auditing policies need to be in place?
This activity for instance was a remote execution attempt run in user context. (script downloaded from here.)