This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
any thoughts on how to improve powershell logging in Sentinel, beside enabling advanced powershell auditing and using defender for endpoints?
I just read this (old) article on blue team practices with powershell and I wonder how much of this is now monitored 'out of the box' with defender for endpoint and by enabling/logging advanced powershell windows events?
Thank you for asking this question on the **Microsoft Q&A Platform. **
You have not received answers or comments to your question because it may be ambiguous or confusing.
I recommend you visit How to write a quality question and verify that your question meets some of the recommendations.
Hope this helps,
Carlos Solís Salazar
----------
NOTE: To answer you as quickly as possible, please mention me in your reply.