How to improve PowerShell logging in Sentinel

David Broggy 5,581 Reputation points MVP

Any thoughts on how to improve PowerShell logging in Sentinel, besides enabling advanced PowerShell auditing and using Defender for Endpoint?

I just read this (old) article on blue team practices with PowerShell, and I wonder how much of this is now monitored 'out of the box' with Defender for Endpoint and by enabling/logging advanced PowerShell Windows events.


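As an added example (not part of the original question, and not Microsoft-supplied content), here is a Sentinel hunting query over the Script Block Logging events (ID 4104) that "advanced PowerShell auditing" produces. It assumes the PowerShell Operational channel is actually being collected into the `Event` table; the Data Collection Rule XPath shown in the comment is the usual way to do that, since the default Windows Security Events connector only ships the Security log. The indicator list is illustrative and would be tuned per environment.

```kql
// Added example, not part of the original question: a Sentinel hunting query over
// PowerShell Script Block Logging events (ID 4104) in the Event table.
// Assumption: the PowerShell Operational channel is being collected, for example by a
// Data Collection Rule with the custom XPath
//   Microsoft-Windows-PowerShell/Operational!*[System[(EventID=4103 or EventID=4104)]]
// (the default "Windows Security Events" connector only ships the Security log).
let lookback = 7d;
// Illustrative indicator list; tune it to your environment.
let pattern = @'(?i)(FromBase64String|EncodedCommand|DownloadString|DownloadFile|Net\.WebClient|Invoke-Expression|Invoke-WebRequest|AmsiUtils|amsiInitFailed|Reflection\.Assembly|VirtualAlloc|Invoke-Mimikatz|Set-MpPreference|Add-MpPreference|ExecutionPolicy\s+Bypass)';
Event
| where TimeGenerated > ago(lookback)
| where EventID == 4104
// Windows PowerShell 5.1 and PowerShell 7 write to different channels.
| where EventLog in ("Microsoft-Windows-PowerShell/Operational", "PowerShellCore/Operational")
// EventData carries the raw <EventData> XML of the event; pull out the fields we need.
| extend ScriptBlockText = extract(@'<Data Name="ScriptBlockText">([\s\S]*?)</Data>', 1, EventData),
         ScriptBlockId   = extract(@'<Data Name="ScriptBlockId">([^<]*)</Data>', 1, EventData),
         ScriptPath      = extract(@'<Data Name="Path">([^<]*)</Data>', 1, EventData),
         MessageNumber   = toint(extract(@'<Data Name="MessageNumber">(\d+)</Data>', 1, EventData)),
         MessageTotal    = toint(extract(@'<Data Name="MessageTotal">(\d+)</Data>', 1, EventData))
| where isnotempty(ScriptBlockText)
// The script text is XML-escaped inside EventData; undo that before matching
// (decode &amp; last so it does not create new entities).
| extend ScriptBlockText = replace_string(replace_string(replace_string(replace_string(
             ScriptBlockText, "&lt;", "<"), "&gt;", ">"), "&quot;", '"'), "&amp;", "&")
// Long scripts are split into several 4104 events that share a ScriptBlockId.
// Reassemble them in MessageNumber order before matching, so an indicator that
// straddles two chunks is not missed.
| summarize FirstSeen     = min(TimeGenerated),
            Parts         = count(),
            ExpectedParts = max(MessageTotal),
            ScriptPath    = take_any(ScriptPath),
            Numbers       = make_list(MessageNumber),
            Chunks        = make_list(ScriptBlockText)
          by Computer, ScriptBlockId
// array_sort_asc sorts the first array and reorders the second to match it.
| extend Sorted = array_sort_asc(Numbers, Chunks)
| extend FullScript = strcat_array(Sorted[1], "")
| where FullScript matches regex pattern
| extend Hits = set_union(extract_all(pattern, FullScript), dynamic([]))
// An empty Path means the block did not come from a .ps1 on disk: it was typed
// interactively, passed via -Command/-EncodedCommand, or pulled down by a cradle.
| project FirstSeen, Computer, ScriptBlockId,
          Source = iif(isempty(ScriptPath), "inline/encoded", ScriptPath),
          Parts, ExpectedParts, Hits,
          Snippet = substring(FullScript, 0, 300)
| order by FirstSeen desc
```

Two practical notes that go with this. First, PowerShell 5 and later flags script blocks containing known-suspicious constructs at Warning level even when the Script Block Logging policy is off, so `| where EventLevelName == "Warning"` on the same table is a cheap baseline check that the channel is arriving at all. Second, 4104 is high-volume and the Operational log's default size is small, so raise the log size on endpoints (or the collection interval) before relying on it; otherwise the events can roll over before the agent reads them.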