Security Software Discovery Via Powershell Script (904e8e61-8edf-4350-b59c-b905fc8e810c)
Detects calls to "get-process" where the output is piped to a "where-object" filter to search for security solution processes. Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus
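
The matching logic described above, as an added example that is not the rule's own code: a Python sketch that flags `Get-Process` output piped into a `Where-Object` filter that mentions a security product, run over constructed script block text. The keyword list, the sample strings and the function names are assumptions for illustration, and the `gps`, `where` and `?` aliases plus backtick stripping go beyond the plain case in the description.

```python
import re

# Assumed, illustrative keyword list; the rule's real list is not shown on this page.
SECURITY_KEYWORDS = ("antivirus", "defender", "edr", "firewall", "sysmon")

# Get-Process (or its alias gps), optional arguments, then a pipe into
# Where-Object (or its aliases "where" and "?"). The rest of the line is
# captured as the filter text.
PIPE_RE = re.compile(
    r"\b(?:get-process|gps)\b[^|;\n]*\|\s*(?:where-object|where|\?)(?P<filter>[^\n]*)",
    re.IGNORECASE,
)

def normalize(script_block: str) -> str:
    """Drop backticks: PowerShell's escape character, often inserted mid-token."""
    return script_block.replace("`", "")

def find_security_discovery(script_block: str) -> list[str]:
    """Return the sorted security keywords found in Get-Process | Where-Object filters."""
    hits = set()
    for match in PIPE_RE.finditer(normalize(script_block)):
        filter_text = match.group("filter").lower()
        hits.update(k for k in SECURITY_KEYWORDS if k in filter_text)
    return sorted(hits)

# Constructed sample script block text (not taken from real logs).
SAMPLE_SCRIPT_BLOCKS = [
    'Get-Process | Where-Object { $_.Name -like "*defender*" }',
    'gps | ? { $_.Description -match "antivirus|firewall" }',
    'Get-Pro`cess | where Company -like "*sysmon*"',
    'Get-Process | Where-Object { $_.CPU -gt 100 }',              # benign resource check
    'Get-Service | Where-Object { $_.Name -like "*defender*" }',  # different cmdlet
]

if __name__ == "__main__":
    for block in SAMPLE_SCRIPT_BLOCKS:
        found = find_security_discovery(block)
        verdict = "ALERT" if found else "ok"
        print(f"{verdict:5} {found!s:28} {block}")
```

The fourth sample shows why the filter text has to be inspected: a pipe into `Where-Object` alone is ordinary administration and should not alert.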