script-execute
October 15, 2025
Description
Scripting commands were executed on the system.
Parameters
| Parameter | Value |
|---|---|
| Subject | script |
| Activity | execute |
| Activity Type | script-execute |
| Pretty Name | Script Execute |
Fields
The possible fields for this activity type will vary depending on whether the activity was a success or a fail.
script-execute:success
| Field | Core | Detection | Informational |
|---|---|---|---|
| scriptblock_text | ✓ | | |
| command_invocation | ✓ | | |
| command_module | ✓ | | |
| local_user_name | | | |
| user | ✓ | | |
script-execute:fail
| Field | Core | Detection | Informational |
|---|---|---|---|
| scriptblock_text | ✓ | | |
| command_invocation | ✓ | | |
| failure_code | ✓ | | |
| command_module | ✓ | | |
| local_user_name | | | |
| failure_reason | ✓ | | |
| user | ✓ | | |