Event ID: 238
Rule Name: SOC153 – Suspicious PowerShell Script Executed
Severity: HIGH
Category: Endpoint Compromise / Malware
Event Time: March 14, 2024 – 05:23 PM
Compromised Host: Tony (172.16.17.206)

Tony at work opened a suspicious file they probably shouldn't have. It was like finding a strange USB drive in the parking lot and plugging it into your computer: you don't know what's on it, but it starts doing things automatically.