title: PowerShell DownGradeAttack
description: hogehoge
author: Yea
detection:
    selection:
        Channel: Windows PowerShell
        EventID: 400
        EventData|re: '[\s\S]*EngineVersion=2\.0[\s\S]*'
falsepositives:
    - unknown
output: 'Powershell DownGrade Attack Detected!!'
creation_date: 2020/11/8
updated_date: 2020/11/8