KQL Search

Query Details

HomeAI ToolsDevice Query

Osascriptpassword

Query

Tags:

Query:

DeviceProcessEvents
| where ProcessCommandLine has_all ("osascript", "dialog", "password")

References:

Explanation

The query is looking for DeviceProcessEvents where the ProcessCommandLine contains all three keywords: "osascript", "dialog", and "password".

Details

Ali Hussein profile picture

Ali Hussein

Released: October 28, 2023

Tables

DeviceProcessEvents

Keywords

DeviceProcessEvents,ProcessCommandLine,osascript,dialog,password

Operators

|wherehas_all

Actions