Msdt.exe

The basic syntax for msdt.exe is:

Here’s a useful, practical write-up on msdt.exe: what it is, how it works, when it’s legitimate, and when to be concerned.

```yaml
title: Suspicious msdt.exe Execution
status: experimental
logsource:
  product: windows
  category: process_creation
detection:
  selection:
    Image|endswith: '\msdt.exe'
    CommandLine|contains:
      - '/af'
      - 'ms-msdt'
      - 'powershell'
  condition: selection
```
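The selection logic of the rule above, applied to a few constructed process-creation events. This is an added example, not part of the original write-up; the event dictionaries, the function names and the placeholder arguments are assumptions made for illustration.

```python
# Added example: evaluates the Sigma selection above against constructed
# process_creation events. Field names (Image, CommandLine) follow the rule.

IMAGE_SUFFIX = "\\msdt.exe"
CMDLINE_KEYWORDS = ("/af", "ms-msdt", "powershell")


def matched_keywords(event):
    """Return the rule keywords found in the event, or [] if the rule does not fire.

    Sigma semantics reproduced here:
      - fields inside one selection are ANDed,
      - values in a list under one field are ORed,
      - string comparisons are case-insensitive.
    """
    image = str(event.get("Image") or "").lower()
    cmdline = str(event.get("CommandLine") or "").lower()
    if not image.endswith(IMAGE_SUFFIX):
        return []
    return [k for k in CMDLINE_KEYWORDS if k in cmdline]


def triage(events):
    """Yield (event, keywords) for every event the rule would alert on."""
    for ev in events:
        hits = matched_keywords(ev)
        if hits:
            yield ev, hits


# Constructed sample events (not real telemetry); arguments are placeholders.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\msdt.exe",
     "CommandLine": r"msdt.exe /id PrinterDiagnostic"},
    {"Image": r"C:\Windows\System32\MSDT.EXE",
     "CommandLine": r"msdt.exe MS-MSDT:/id PLACEHOLDER_PACKAGE"},
    {"Image": r"C:\Windows\System32\msdt.exe",
     "CommandLine": r"msdt.exe /id PrinterDiagnostic /af C:\placeholder\answers.xml"},
    {"Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r"cmd.exe /c echo ms-msdt"},
    {"Image": r"C:\Windows\System32\msdt.exe", "CommandLine": None},
]

if __name__ == "__main__":
    for ev, hits in triage(SAMPLE_EVENTS):
        print(f"ALERT {ev['Image']} keywords={hits} cmd={ev['CommandLine']}")
```

The plain `/id PrinterDiagnostic` launch and the event with no recorded command line do not alert; the mixed-case `MSDT.EXE` / `MS-MSDT` event does, because the comparison ignores case.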