Detect Rare Executables
This search will return a table of rare processes, the names of the systems running them, and the users who initiated each process.
This content is not mapped to any local saved search. Add mapping
Detect Rare Executables Help
To successfully implement this search, you must be ingesting data that records process activity from your hosts and populating the endpoint data model with the resultant dataset. The macro
Open in Search