norbert791
norbert791
> We could add a `level: high` rule to match when the command line is found but the executable is not named with its default name i.e. was renamed. In...
> Hi @norbert791, > > I’ve made suggestions on one of your newly added rules that detects execution of a renamed MeshAgent binary. While the changes suggestion was provided to...