title: PowerShell Execution Pipeline
title_jp: PowerShell実行
description: Displays powershell execution
description_jp: Powershellの実行を出力する。
author: Eric Conrad
contributor: Zach Mathis
mitre_attack: T1059
level: medium
detection:
    selection:
        Channel: Microsoft-Windows-PowerShell/Operational
        EventID: 4103
        ContextInfo:
            - Host Application
            - ホスト アプリケーション
    # condition: selection
falsepositives:
    - normal system usage
output: 'Command = %CommandLine%'
output_jp: 'コマンド = %CommandLine%'
creation_date: 2020/11/08
updated_date:  2021/11/06