From 5e796ca588181aeadb5ac7eac875cb540d1990d5 Mon Sep 17 00:00:00 2001 From: Eric Conrad Date: Wed, 8 May 2019 10:47:14 -0700 Subject: [PATCH] Updated the events table --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 2259971..e3122d6 100644 --- a/README.md +++ b/README.md @@ -71,9 +71,11 @@ See [Logging setup](#logging-setup) section below for how to configure these log * Password spraying via explicit credentials * Bloodhound (admin privileges assigned to the same account with multiple Security IDs) * Command line/Sysmon/PowerShell auditing + * Long command lines * Regex searches * Obfuscated commands * PowerShell launched via WMIC or PsExec + * PowerShell Net.WebClient Downloadstring * Compressed/Base64 encoded commands (with automatic decompression/decoding) * Unsigned EXEs or DLLs * Service auditing
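Review bot: The new bullet `+ * PowerShell Net.WebClient Downloadstring` does not match the .NET method name, which is `DownloadString` on `System.Net.WebClient`; since this list is the documented set of reported events and readers will search it for the method they are hunting, keep the method's real casing, e.g. `* PowerShell Net.WebClient DownloadString`. The other added bullet, `+ * Long command lines`, says nothing about what counts as "long"; state the length threshold the check uses (or note that it is configurable) so the entry is actionable.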