We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Execution, Persistence, Privilege Escalation
Monitor process execution from the svchost.exe in Windows 10 and the Windows Task Scheduler taskeng.exe for older versions of Windows.
Monitor for scheduled task changes that do not correlate with known software, patch cycles, etc.