Closed prashanthpulisetti closed 1 year ago
The query send contains syntax errors. They are located in the last line. Please fix them. Additionally, this query is hard to read, since the hashes do not make sense for external users. So please explain what is being filtered.
Impersonate Execution
Detects execution of the Impersonate tool. Which can be used to manipulate tokens on a Windows computers remotely (PsExec/WmiExec) or interactively