process_creation log stream. An attacker is using PowerShell to download and run payloads. Your mission: write a detection rule that catches ALL malicious activity with zero false positives (the admin's legitimate PowerShell must not fire). | # | Image | CommandLine | User |
|---|