Service Accounts Performing Remote PS

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

↑ Back to Content Index

---

This query searches for any Service Accounts Performing Remote PowerShell.

Attribute	Value
Type	Hunting Query
Solution	Microsoft Defender XDR
ID	cedc5bfa-01f6-4e54-b87b-1edbe430e27a
Tactics	LateralMovement
Required Connectors	MicrosoftThreatProtection
Source	View on GitHub

---

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

↑ Back to Hunting Queries · Back to Microsoft Defender XDR