It can do simple things like this: Or somewhat more complex like that: The full documentation also covers the optional queued, thread-safe, async, serialization, and builder modules. See Unit Tests to ...
description: The following analytic identifies modifications to registry keys commonly used for persistence mechanisms. It leverages data from endpoint detection sources like Sysmon or Carbon Black, ...