how to improve poweshell logging in sentinel

David Broggy
6,101
Reputation points MVP
any thoughts on how to improve powershell logging in Sentinel, beside enabling advanced powershell auditing and using defender for endpoints?
I just read this (old) article on blue team practices with powershell and I wonder how much of this is now monitored 'out of the box' with defender for endpoint and by enabling/logging advanced powershell windows events?
Sign in to answer