Techniques
Sample rules
Live Memory Dump Using Powershell
- source: sigma
- techniques:
- t1003
Description
Detects usage of a PowerShell command to dump the live memory of a Windows machine
Detection logic
condition: selection
selection:
  ScriptBlockText|contains|all:
    - Get-StorageDiagnosticInfo
    - -IncludeLiveDump
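The selection above, evaluated over a few constructed PowerShell Script Block Logging events (Event ID 4104) with Sigma's default case-insensitive substring semantics. This is an added example, not code from the Sigma project; the event dictionaries and their ScriptBlockText values are assumptions made up for illustration.

```python
# Added example: apply the rule's `ScriptBlockText|contains|all` selection
# to constructed 4104 events. Sigma string modifiers match case-insensitively,
# and `all` requires every listed value to appear (AND), so an event that
# carries only one of the two terms must NOT alert.

RULE_SELECTION = {
    "ScriptBlockText|contains|all": [
        "Get-StorageDiagnosticInfo",
        "-IncludeLiveDump",
    ],
}


def contains_all(value, needles):
    """Sigma `contains|all`: every needle is a case-insensitive substring."""
    haystack = value.lower()
    return all(n.lower() in haystack for n in needles)


def matches_selection(event, selection):
    """Every `field|modifiers` entry of the selection must match (AND)."""
    for key, needles in selection.items():
        field, *modifiers = key.split("|")
        value = event.get(field)
        if not isinstance(value, str):
            return False  # missing or non-string field never matches
        if modifiers == ["contains", "all"]:
            if not contains_all(value, needles):
                return False
        else:
            raise NotImplementedError("unsupported modifiers: %r" % modifiers)
    return True


# Constructed sample events (hypothetical, not real logs).
SAMPLE_EVENTS = [
    {"EventID": 4104, "ScriptBlockText": "Get-StorageDiagnosticInfo -IncludeLiveDump"},
    {"EventID": 4104, "ScriptBlockText": "get-storagediagnosticinfo -includelivedump"},
    {"EventID": 4104, "ScriptBlockText": "Get-StorageDiagnosticInfo"},
    {"EventID": 4104, "ScriptBlockText": "Get-Process | Sort-Object CPU"},
]


def alerting_events(events=SAMPLE_EVENTS):
    """Return the events that satisfy the rule's `condition: selection`."""
    return [e for e in events if matches_selection(e, RULE_SELECTION)]


if __name__ == "__main__":
    for e in alerting_events():
        print("ALERT:", e["ScriptBlockText"])
```

Only the first two sample events alert: the third carries the cmdlet without -IncludeLiveDump, so `all` rejects it.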