t1059

Here is 1 public repository matching this topic...

dmtkfs / t1059-powershell-demo

This Splunk dashboard detects PowerShell EncodedCommand use (T1059.001) by flagging base64 blobs over 500 bytes, with 1-second timeline, host stats, and event counts, based on index=main data and installable as a JSON file or app on Splunk Cloud or 9.x.

base64 dashboard splunk powershell splunk-dashboard encoded-characters t1059

Updated Jun 18, 2025

Improve this page

Add a description, image, and links to the t1059 topic page so that developers can more easily learn about it.

Curate this topic

Add this topic to your repo

To associate your repository with the t1059 topic, visit your repo's landing page and select "manage topics."

Learn more

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

t1059

Here is 1 public repository matching this topic...

dmtkfs / t1059-powershell-demo

Improve this page

Add this topic to your repo