title: PowerShell DownGradeAttack
description: hogehoge
enabled: true
author: Yea
logsource:
    product: windows
detection:
    selection:
        # Classic "Windows PowerShell" log; Event ID 400 is written when the engine starts.
        Channel: Windows PowerShell
        EventID: 400
        # Match engine starts that report version 2.0 (the dot is escaped so it matches literally).
        EventData: '[\s\S]*EngineVersion=2\.0[\s\S]*'
falsepositives:
    - unknown
level: medium
output: 'Powershell DownGrade Attack Detected!!'
creation_date: 2020/11/8
updated_date: 2020/11/8