Tag
This rule detects suspicious execution via the Windows Subsystem for Linux (WSL), which adversaries may leverage to execute Linux commands and bypass traditional Windows security measures.