Using SCOM to Capture Suspicious Process Creation Events

I recently had the privilege of chatting with Greg Cottingham on the Azure Security Center Analyst Team about process creation events and how to use them to detect anomalous events that need to be investigated.  It was a very interesting discussion and I was given a few real world examples of how the bad guys…

0