The service control command
was executed on an endpoint to start a service on a remote host.
For additional context, this alert identifies the full command used
to start the service and the total number of endpoints on which
the command was run in the last 14 days.
The Service Control command
is used to create, start, stop, query, or delete Windows services.
Attackers can use the command to attempt to execute and persist
a binary, command, or script.