I am not seeing the event: A new process has been created in our environment.
Kindly clarify on the below points:
1. Can we see this event: 4688 in Domain Controller?
2. If so, kindly let me know the auditing option needs to be enabled?
I want to create the alert for suspicious tools like \\win64dd.exe \\Cachedump. Kindly clarify.
Thanks in Advance!!!
Thanks & Regards,