Windows PowerShell Activities

PowerShell events are of interest because PowerShell is included by default in modern Windows installations. A failing PowerShell script may indicate misconfiguration, missing files, or malicious activity. The Get-MessageTrackingLog cmdlet can be used to enumerate Exchange Server mail metadata; it returns detailed information about the history of each mail message traveling through the server.
AIS Managed SIEM

SIEM Events

Remote Connection
Exception Raised
Script block contents
Script block start
Script block end

Last modified September 14, 2021