Detect Prohibited Applications Spawning Cmd Exe
This search looks for executions of cmd.exe spawned by a process that is often abused by attackers and that does not typically launch cmd.exe.
This content is not mapped to any local saved search. Add mapping
Detect Prohibited Applications Spawning Cmd Exe Help
You must be ingesting data that records process activity from your hosts and populates the Endpoint data model with the resultant dataset. This search includes a lookup file,
Open in Search