PowerShell Profile Modification (b5b78988-486d-4a80-b991-930eff3ff8bf)

Detects the creation or modification of a PowerShell profile, which could indicate suspicious activity because the profile can be used as a means of persistence.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| PowerShell Profile - T1546.013 (0f2c410d-d740-4ed9-abb1-b8f4a7faf6c3) | Attack Pattern | PowerShell Profile Modification (b5b78988-486d-4a80-b991-930eff3ff8bf) | Sigma-Rules | 1 |
| PowerShell Profile - T1546.013 (0f2c410d-d740-4ed9-abb1-b8f4a7faf6c3) | Attack Pattern | Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) | Attack Pattern | 2 |