The SIEM app is now a part of the Elastic Security solution.
Click
here to view the current documentation.
IMPORTANT: No additional bug fixes or documentation updates will be released for this version.
IMPORTANT: No additional bug fixes or documentation updates will be released for this version.
Suspicious Powershell Script
editSuspicious Powershell Script
editA machine learning job detected a PowerShell script with unusual data characteristics, such as obfuscation, that may be a characteristic of malicious PowerShell script text blocks.
Rule type: machine_learning
Machine learning job: windows_anomalous_script
Machine learning anomaly threshold: 50
Severity: low
Risk score: 21
Runs every: 15 minutes
Searches indices from: now-45m (Date Math format, see also Additional look-back time)
Maximum signals per execution: 100
References:
Tags:
- Elastic
- ML
- Windows
Version: 1
Added (Elastic Stack release): 7.7.0
Potential false positives
editCertain kinds of security testing may trigger this signal. PowerShell scripts that use high levels of obfuscation or have unusual script block payloads may trigger this signal.