index=”windows” sourcetype=WinRegistry key_path=”HKLM\\software\\microsoft\\powershell\\1\\shellids\\microsoft.powershell\\executionpolicy” | table _time, host, registry_type, registry_value_data, registry_value_name | rename host as Host, registry_type as Action, registry_value_data as “Registry Value”, registry_value_name as “Registry Value Name”
