Admins being admins like to use PowerShell to solve certain tasks. To do this they will often run a PowerShell file downloaded from a server, i.e.: C:\windows\system32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -ExecutionPolicy Bypass -Command iex...
Yes, the three parameters you mention are what I was initially thinking of. If there is a need to assist in testing this, I would be happy to help. Regards, Thomas
Hi, yeah this is one of our largest sources of false positive alerts and spend quite some time cleaning up the dashboard. Could of course mute the events, but I don't feel comfortable muting too much stuff. Thanks for opening a Feature Request. Regard...
Thanks, but that guide doesn't provide any info on my problem. To be more precise, I don't want to exclude powershell process or ps script files on a general basis
Have you looked into the Vulnerability API? Seems like you might be able to do something there, though you might have to do some work to process the data you get back https://api-docs.amp.cisco.com/api_actions/details?api_action=GET+%2Fv1%2Fvulnerabil...