Version 4

    Import under "Windows Server Update Services Analytics."


    Based on the KBs and Security Bulletin listed in this article from Microsoft:


    Hoping this helps someone out there make sure their environment doesn't get hit by the latest in exciting ransomware.


    A sample LEM rule for identifying suspicious activity from WanaCrypt can be found here: WanaCrypt v1 Detection Rule


    UPDATE: I worked with one of the Support guys, and he pointed out I had a couple problems with the query that resulted in some environments getting many, many bytes in their TempDB.  This has now been fixed, so download version 2 and see if it works better!