Suspicious Powershell Script

Elastic Stack Serverless Security

A machine learning job detected a PowerShell script with unusual data characteristics, such as obfuscation, that may be a characteristic of malicious PowerShell script text blocks.

Rule type: machine_learning

Rule indices: None

Severity: low

Risk score: 21

Runs every: 15m

Searches indices from: now-45m (https://www.elastic.co/guide/en/elasticsearch/reference/current/common-options.html#date-math[Date Math format], see also Additional look-back time)

Maximum alerts per execution: 100

References:

• /reference/security/prebuilt-jobs.md

Tags:

• Elastic
• Host
• Windows
• Threat Detection
• ML

Version: 5

Rule authors:

• Elastic

Rule license: Elastic License v2