Ingest PowerShell logs
in progress
Chris Bisnett
We're working to support ingest and parsing of PowerShell logs for module loading and script block logging. This should satisfy the Essential 8 and other compliance frameworks and will give us more telemetry to identify malicious activity.
Chris Bisnett
Merged in a post:
Macro Executions
Anthony Rankine
Australian ACSC Essential 8 wants us to centrally log macro executions and PowerShell script executions. We are looking to replace Defender for Endpoint P2, which gives us the device events table in the Advanced threat hunting schema. If we replace that P2 with Defender for Business and/or Huntress we will lose that data to query.
Anything we can do here to add this to SIEM or EDR?
Thanks.
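For reference, the endpoint-side settings that produce the PowerShell telemetry discussed in this thread (module logging and script block logging), as an added example that is not part of the original thread or the product's own code; it assumes an elevated session on a Windows host and the default Microsoft-Windows-PowerShell/Operational channel, which a SIEM agent would then forward centrally.

```powershell
# Added example (not from this thread): turn on PowerShell Script Block Logging
# and Module Logging through the same policy registry keys that Group Policy
# writes, then read back the resulting events to confirm the host is emitting
# the telemetry. Assumes an elevated PowerShell session.

$base = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell'

# Script Block Logging -> Event ID 4104 (script text, de-obfuscated at runtime)
$sbl = Join-Path $base 'ScriptBlockLogging'
New-Item -Path $sbl -Force | Out-Null
New-ItemProperty -Path $sbl -Name 'EnableScriptBlockLogging' `
    -PropertyType DWord -Value 1 -Force | Out-Null

# Module Logging -> Event ID 4103 (pipeline execution details);
# a '*' entry under ModuleNames logs every module.
$ml    = Join-Path $base 'ModuleLogging'
$names = Join-Path $ml 'ModuleNames'
New-Item -Path $names -Force | Out-Null
New-ItemProperty -Path $ml -Name 'EnableModuleLogging' `
    -PropertyType DWord -Value 1 -Force | Out-Null
New-ItemProperty -Path $names -Name '*' -PropertyType String -Value '*' -Force | Out-Null

# Verification: pull the most recent 4103/4104 events from the operational
# channel and show who ran what, which is what central audit would collect.
$filter = @{ LogName = 'Microsoft-Windows-PowerShell/Operational'; Id = 4103, 4104 }
Get-WinEvent -FilterHashtable $filter -MaxEvents 200 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, UserId,
        @{ Name = 'Detail'; Expression = { ($_.Message -split "`n")[0] } } |
    Format-Table -AutoSize
```

New PowerShell sessions pick up the policy keys immediately; if the verification step returns nothing, open a fresh session, run any cmdlet, and query again.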
Darren Djernes
Would be huge to be able to detect these and audit them.