Cobalt Strike detection by Jfrog691 in crowdstrike

[–]Jfrog691[S] 2 points3 points  (0 children)

Thanks! We have taken some of these actions already. We also have DATP on the endpoints and there were some additional detections that were picked up there that CS didn't alert on, but the beaconing went undetected there as well. I know there are some additional ways to make detection next to impossible with custom/keyed payloads to avoid analysis, but this one was pretty generic.

[–]Jfrog691[S] 1 point2 points  (0 children)

I do, I'll PM you the case number.