In the Powershell Hunt report, what does the “score” signify?
In the Powershell Hunt report, what does the “score” signify?
In the PowerShell Hunt report, the 'score' signifies a cumulative score of the various potential command line switches. This score is determined by evaluating the presence and combination of different command-line switches that may indicate suspicious or malicious activity.
Checked falcon console, appears to be D
Actually I am for the C here. https://www.crowdstrike.com/blog/tech-center/powershell-hunting/ Listen to what they say about the score field at around the end. Looks more logical to me.
But it doesn't use NGAV to do that. Trick answer. The correct answer is D. Different CLI switches have different ratings ergo different scores. This is in the documentation.
this one seems most likely and couldnt find info on the other choices