Detecting the SolarWinds Compromise Signals with Active Directory PowerShell
With the recent announcement of the SolarWinds attack, Microsoft has provided additional signals for Azure Sentinel to help detect activity related to this attack. However, if you don’t have Azure Sentinel set up, you will have to manually search your Unified Audit Log for activity. To help with that, I’ve put together a few scripts that…