https://www.sans.org/reading-room/whitepapers/forensics/uncovering-indicators-compromise-ioc-powershell-event-logs-traditional-monitorin-36352