Find Rare Processes (Windows)

sourcetype=winregistry | rare process_image

purpose:

List the least frequently seen process_image values in Windows registry-monitoring events, i.e. processes that rarely write to the registry across the monitored hosts (by default rare returns the 10 least common values with their count and percentage). A process that shows up only once or twice may be custom malware or a freshly dropped tool, but rarity alone is not evidence: one-off installers, admin utilities and newly deployed software are rare for legitimate reasons, so each hit still needs to be checked (image path, host, what key it touched).

requirements:

Windows registry monitoring data from the Splunk Add-on for Microsoft Windows (sourcetype WinRegistry), which carries the process_image field used here. Registry monitoring must be enabled on the hosts; without it the search returns nothing.
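The same rarity count worked through outside Splunk, as an added example that is not part of the original search entry. It reproduces what `rare process_image` computes (count each value, return the least common) over constructed events that only imitate the key="value" layout of WinRegistry data, and then goes one step beyond the page's search by ranking on the number of distinct hosts a process was seen on, which separates a binary that is rare because it lives on one machine from one that is rare only because it runs briefly on many. The hosts, paths and timestamps below are made up for the example.

```python
"""Least-frequency hunting over Windows registry-monitor events.

Added example, not code from the original search entry. rare() mirrors
Splunk's `rare <field>`; host_prevalence() is the extension described in
the lead-in. SAMPLE_EVENTS is constructed data that only imitates the
key="value" layout of WinRegistry events.
"""

import re
from collections import Counter, defaultdict

# Constructed sample events: 3 hosts, five process images. The mixed-case
# "C:\Windows" on the second line is deliberate (see parse_events).
SAMPLE_EVENTS = r'''
01/15/2024 08:00:01 host="WS01" registry_type="SetValue" key_path="HKLM\System\CurrentControlSet\Services\W32Time\Config" process_image="c:\Windows\System32\svchost.exe"
01/15/2024 08:00:05 host="WS01" registry_type="SetValue" key_path="HKLM\System\CurrentControlSet\Services\W32Time\Config" process_image="C:\Windows\System32\svchost.exe"
01/15/2024 08:01:10 host="WS02" registry_type="SetValue" key_path="HKLM\System\CurrentControlSet\Services\W32Time\Config" process_image="c:\Windows\System32\svchost.exe"
01/15/2024 08:01:12 host="WS03" registry_type="SetValue" key_path="HKLM\System\CurrentControlSet\Services\W32Time\Config" process_image="c:\Windows\System32\svchost.exe"
01/15/2024 08:05:00 host="WS01" registry_type="SetValue" key_path="HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" process_image="c:\Windows\explorer.exe"
01/15/2024 08:05:02 host="WS02" registry_type="SetValue" key_path="HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" process_image="c:\Windows\explorer.exe"
01/15/2024 08:05:03 host="WS03" registry_type="SetValue" key_path="HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" process_image="c:\Windows\explorer.exe"
01/15/2024 09:00:00 host="WS01" registry_type="CreateKey" key_path="HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\ExampleApp" process_image="c:\Windows\System32\msiexec.exe"
01/15/2024 09:00:30 host="WS03" registry_type="CreateKey" key_path="HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\ExampleApp" process_image="c:\Windows\System32\msiexec.exe"
01/15/2024 11:30:00 host="WS02" registry_type="SetValue" key_path="HKCU\Software\Microsoft\Windows\CurrentVersion\Run" process_image="c:\Users\Public\updater.exe"
01/15/2024 11:30:01 host="WS02" registry_type="CreateKey" key_path="HKCU\Software\Updater" process_image="c:\Users\Public\updater.exe"
01/15/2024 11:30:02 host="WS02" registry_type="SetValue" key_path="HKCU\Software\Updater\Id" process_image="c:\Users\Public\updater.exe"
01/15/2024 14:00:00 host="WS03" registry_type="SetValue" key_path="HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU" process_image="c:\Windows\regedit.exe"
'''

KV_RE = re.compile(r'(\w+)="([^"]*)"')


def parse_events(text):
    """Turn one key="value" event per line into a list of dicts.

    Blank lines are skipped and the leading timestamp is dropped, since
    the hunt only needs the fields. process_image is case-folded so that
    "C:\\..." and "c:\\..." are counted as the same image instead of
    splitting one binary into two "rare" values.
    """
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        fields = dict(KV_RE.findall(line))
        if "process_image" in fields:
            fields["process_image"] = fields["process_image"].lower()
        events.append(fields)
    return events


def rare(events, field="process_image", limit=10):
    """Equivalent of Splunk's `rare <field>`: the least common values with
    their event count and percentage of all events carrying the field,
    ascending by count. `limit` mirrors rare's default of 10 rows."""
    counts = Counter(e[field] for e in events if field in e)
    total = sum(counts.values())
    rows = [(value, n, round(100.0 * n / total, 2)) for value, n in counts.items()]
    # ascending count, tie-break on the value so the order is deterministic
    rows.sort(key=lambda r: (r[1], r[0]))
    return rows[:limit]


def host_prevalence(events, field="process_image", limit=10):
    """Extension of the page's search: rank by distinct hosts a process
    image was seen on, then by event count. A binary that writes to the
    registry on a single host is a stronger lead than one with few events
    spread across the fleet (an installer, for instance)."""
    hosts = defaultdict(set)
    counts = Counter()
    for e in events:
        if field in e and "host" in e:
            hosts[e[field]].add(e["host"])
            counts[e[field]] += 1
    rows = [(value, len(hosts[value]), counts[value]) for value in hosts]
    rows.sort(key=lambda r: (r[1], r[2], r[0]))
    return rows[:limit]


if __name__ == "__main__":
    evs = parse_events(SAMPLE_EVENTS)
    print("rare process_image (count, percent):")
    for value, n, pct in rare(evs):
        print(f"  {n:3d} {pct:6.2f}%  {value}")
    print("\nby distinct host count (hosts, events):")
    for value, h, n in host_prevalence(evs):
        print(f"  {h:3d} {n:3d}  {value}")
```

On the sample data, rare() ranks msiexec.exe above updater.exe because it has fewer events, while host_prevalence() puts updater.exe second: it is chatty on one host and absent everywhere else, which is the profile the page's "custom malware" hint is after. regedit.exe tops both lists and is a reminder that the rarest entry can just be an administrator's one-off.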

comments: