Security Monitoring–Additional PowerShell Detections

Disclaimer: Due to changes in the MSFT corporate blogging policy, I’m moving all of my content to the following location. Please reference all future content from that location. Thanks. Note that there is an addendum to this piece for override purposes. That can be found here. A colleague of mine turned me on to this…

4