protections-artifacts/behavior/rules/execution_suspicious_execution_via_microsoft_common_console.toml at main · elastic/protections-artifacts · GitHub
https://github.com/elastic/protections-artifacts/blob/main/behavior/rules/execution_suspicious_execution_via_microsoft_common_console.toml