How to improve PowerShell logging in Sentinel
Any thoughts on how to improve PowerShell logging in Sentinel, besides enabling advanced PowerShell auditing and using Defender for Endpoint?
I just read this (old) article on blue team practices with PowerShell and I wonder how much of this is now monitored 'out of the box' with Defender for Endpoint and by enabling/logging advanced PowerShell Windows events?
Thank you for asking this question on the **Microsoft Q&A Platform.**
You have not received answers or comments to your question because it may be ambiguous or confusing.
I recommend you visit How to write a quality question and verify that your question meets some of the recommendations.
Hope this helps,
Carlos Solís Salazar
NOTE: To answer you as quickly as possible, please mention me in your reply.