Script Block Start

PowerShell script block start. Event Source - Microsoft-Windows-Powershell - Event Log - Microsoft-Windows-Powershell/Operational

Configuration

Query

EventID:4105

Config

Key | Value — | — type | aggregation-v1 query | EventID:4105 streams | [5f74fe0891d2ba1b645adb8d] conditions | {expression:null} search_within_ms | 3600000 execute_every_ms | 3600000

Windows PowerShell Activities

PowerShell events can be interesting as Powershell is included by default in modern Windows installations.


Last modified October 12, 2020