Red Canary recently unveiled its 2021 Threat Detection Report. Red Canary's customers were most impacted by attacks using PowerShell and Windows Command Shell. Because these tools are native to Windows, it is much harder for firms to determine that they are being attacked. This is called "living off the land": the attacker doesn't have to bring attack tools to your network. The Australian Cyber Security Centre has documentation and guidance on setting up Windows event logging. Use Sysmon to ensure that you are capturing these logs.

