GitHub

windows_iis_components_add_new_module.yml

description: The following analytic detects the execution of AppCmd.exe to install a new module in IIS. This detection leverages data from Endpoint Detection and Response (EDR) agents, focusing on ...
GitHub

run-a-powershell-v3-script-from-a-sql-server-agent-job.md

The other issue to be aware of is the warning from Microsoft, which says, "Each SQL Server Agent job step that runs PowerShell with the sqlps module launches a process which consumes approximately 20 ...