It has been over 100 days since the launch of "Microsoft Unified XDR and SIEM Solution Handbook," and the positive feedback has been truly inspiring.

Celebrate with us! Packt Publishing is offering a 30% discount on our book. Use code "30XDR" at checkout on Amazon.com for a limited time.

Get your copy here: https://lnkd.in/gSKmM69r

#MicrosoftSecurity #XDR #CloudSecurity #CyberSecurity #MicrosoftDefenderXDR #MicrosoftXDR #Defenders #Packt #CyberSecurityBooks #SecurityBooks #UnifiedXDRPlatform


💡 PowerShell's execution policy is a safety feature that controls the conditions under which PowerShell loads configuration files and runs scripts.

➡️ The following #KQL query will help you identify execution policy changes. You may also fine-tune the query by excluding the InitiatingProcessFileName and InitiatingProcessParentFileName values that belong to your environment's legitimate applications, to balance precision and recall.

🔗 https://github.com/cyb3rmik3/KQL-threat-hunting-queries/blob/main/01.ThreatHunting/changing-powershell-execution-policy-to-insecure-level.md

❗Find this, and more queries here: https://github.com/cyb3rmik3/KQL-threat-hunting-queries/

ℹ️ I hope you will find the query useful, if you do just ⭐ the repo!

#MicrosoftXDR #ThreatHunting
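The post links to the KQL hunt but does not reproduce it, so the following is an added, stand-alone Python illustration of the same detection idea, written for this page and not taken from the cyb3rmik3 repository or from Microsoft. It runs the logic over a handful of constructed events shaped like DeviceProcessEvents and DeviceRegistryEvents rows (column names are the real Defender XDR ones; the device names, command lines and the ccmexec.exe exclusion pair are invented for the example) and shows how an initiating-process exclusion list trades recall for precision, as the post suggests.

```python
import re

# Execution policies that switch the script-signing check off entirely.
INSECURE_POLICIES = {"unrestricted", "bypass"}

# Set-ExecutionPolicy <Policy>  or  Set-ExecutionPolicy -ExecutionPolicy <Policy>
SET_POLICY_RE = re.compile(
    r"set-executionpolicy\s+(?:-executionpolicy\s+)?['\"]?([a-z]+)", re.I)
# powershell.exe / pwsh.exe -ExecutionPolicy <Policy>, including the unambiguous
# parameter prefixes PowerShell accepts (-exec, -ex, -ep). This also catches
# "-Scope Process" style changes, which never touch the registry.
HOST_ARG_RE = re.compile(
    r"(?:^|\s)-(?:executionpolicy|exec|ex|ep)\s+['\"]?([a-z]+)", re.I)
# Registry key under HKLM/HKCU that persists the LocalMachine/CurrentUser policy.
POLICY_KEY_RE = re.compile(r"\\ShellIds\\Microsoft\.PowerShell$", re.I)


def insecure_policy_in_cmdline(cmdline):
    """Return the insecure policy named on the command line, or None."""
    for rx in (SET_POLICY_RE, HOST_ARG_RE):
        m = rx.search(cmdline)
        if m and m.group(1).lower() in INSECURE_POLICIES:
            return m.group(1).lower()
    return None


def hunt(process_events, registry_events, excluded_initiators=()):
    """Return findings for the execution policy being lowered to an insecure level.

    excluded_initiators holds (InitiatingProcessFileName, InitiatingProcessParentFileName)
    pairs you have verified as legitimate; each pair removed raises precision at the
    cost of recall, which is the tuning knob the post describes.
    """
    excluded = {(a.lower(), b.lower()) for a, b in excluded_initiators}
    findings = []
    for ev in process_events:
        pair = (ev["InitiatingProcessFileName"].lower(),
                ev["InitiatingProcessParentFileName"].lower())
        if pair in excluded:
            continue
        policy = insecure_policy_in_cmdline(ev["ProcessCommandLine"])
        if policy:
            findings.append({"source": "DeviceProcessEvents", "device": ev["DeviceName"],
                             "policy": policy, "detail": ev["ProcessCommandLine"]})
    for ev in registry_events:
        if ev["ActionType"] != "RegistryValueSet":
            continue
        if ev["RegistryValueName"].lower() != "executionpolicy":
            continue
        if not POLICY_KEY_RE.search(ev["RegistryKey"]):
            continue
        if ev["RegistryValueData"].lower() in INSECURE_POLICIES:
            findings.append({"source": "DeviceRegistryEvents", "device": ev["DeviceName"],
                             "policy": ev["RegistryValueData"].lower(),
                             "detail": ev["RegistryKey"]})
    return findings


# Constructed sample rows (not real telemetry).
PROCESS_EVENTS = [
    {"DeviceName": "ws01", "ProcessCommandLine":
        r"powershell.exe -nop -w hidden -ep bypass -File C:\Users\Public\update.ps1",
     "InitiatingProcessFileName": "winword.exe", "InitiatingProcessParentFileName": "explorer.exe"},
    {"DeviceName": "srv02", "ProcessCommandLine":
        "powershell.exe Set-ExecutionPolicy Unrestricted -Scope LocalMachine -Force",
     "InitiatingProcessFileName": "cmd.exe", "InitiatingProcessParentFileName": "wscript.exe"},
    {"DeviceName": "srv03", "ProcessCommandLine":
        r'powershell.exe -ExecutionPolicy RemoteSigned -File "C:\Program Files\Backup\job.ps1"',
     "InitiatingProcessFileName": "svchost.exe", "InitiatingProcessParentFileName": "services.exe"},
    {"DeviceName": "ws04", "ProcessCommandLine":
        r"powershell.exe -ExecutionPolicy Bypass -File C:\Windows\ccmcache\a1\deploy.ps1",
     "InitiatingProcessFileName": "ccmexec.exe", "InitiatingProcessParentFileName": "services.exe"},
]
REGISTRY_EVENTS = [
    {"DeviceName": "srv02", "ActionType": "RegistryValueSet",
     "RegistryKey": r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell",
     "RegistryValueName": "ExecutionPolicy", "RegistryValueData": "Unrestricted"},
    {"DeviceName": "srv05", "ActionType": "RegistryValueSet",
     "RegistryKey": r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell",
     "RegistryValueName": "ExecutionPolicy", "RegistryValueData": "RemoteSigned"},
]
# Hypothetical exclusion: a management agent that legitimately runs scripts with Bypass.
EXCLUDED_INITIATORS = [("ccmexec.exe", "services.exe")]

if __name__ == "__main__":
    for f in hunt(PROCESS_EVENTS, REGISTRY_EVENTS, EXCLUDED_INITIATORS):
        print(f["source"], f["device"], f["policy"], f["detail"])
```

Running it reports three findings: the Word-spawned `-ep bypass`, the scripted `Set-ExecutionPolicy Unrestricted`, and the HKLM registry write that persists it; the ConfigMgr-style row is dropped only because its initiator pair is excluded, so review each exclusion you add the same way, since an attacker who can launch from an excluded parent inherits the blind spot.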


A repository of KQL queries focused on threat hunting and threat detecting for Microsoft Sentinel & Microsoft XDR (Former Microsoft 365 Defender). - cyb3rmik3/KQL-threat-hunting-queries
