Understanding Advanced PowerShell Logging

  • added 12. 09. 2024
  • Among the most important events to record is PowerShell activity. There are critical nuances in settings such as PowerShell Script Block Logging, Transcription Logs and Module Logging.
    Learn how PowerShell event logs can generate warnings for events and even provide decoded payloads.
    Background - Mandiant PowerShell Logging Threat Research: www.mandiant.c...
    ---
    This session is a free preview of our comprehensive "Enterprise Security Fundamentals" course, exclusively available at bluecapesecuri...
    Launched in early 2024, this hands-on course equips security professionals with practical skills for success in enterprise settings - for blue and red teamers alike.
    Topics covered in this course:
    - Cyber Threat Landscape
    - Enterprise Domain Environments
    - Logging, Telemetry and Visibility
    - Event Log Enhancement
    - Real World Attack Techniques
    - Living Off the Land Binaries
    - Windows Endpoint Compromise
    - Network Telemetry
    - Malware
    Follow us:
    Discord: / discord
    Twitter: / bluecapesec
    LinkedIn: / bluecapesecurity
    Visit www.bluecapese... for more free tutorials and blue team training.
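The three settings named in the description, as an added example that is not code from the video or from Blue Cape Security: a PowerShell script that turns on Script Block Logging, Module Logging and Transcription through their Group Policy registry keys, then reads back Warning-level 4104 events, whose ScriptBlockText field carries the already-decoded script. It assumes an elevated Windows PowerShell 5.1 session; the transcript directory C:\PSTranscripts is a constructed choice.

```powershell
# Added example, not from the video. Policy key paths are the standard
# PowerShell logging keys; the transcript directory is a constructed choice.
$Base = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell'

function Enable-PowerShellLogging {
    param([string]$TranscriptDir = 'C:\PSTranscripts')  # assumed location

    # Script Block Logging: Event ID 4104 in Microsoft-Windows-PowerShell/Operational
    $sbl = Join-Path $Base 'ScriptBlockLogging'
    New-Item -Path $sbl -Force | Out-Null
    Set-ItemProperty -Path $sbl -Name 'EnableScriptBlockLogging' -Value 1 -Type DWord

    # Module Logging: Event ID 4103 pipeline details; '*' = '*' covers all modules
    $ml = Join-Path $Base 'ModuleLogging'
    $names = Join-Path $ml 'ModuleNames'
    New-Item -Path $names -Force | Out-Null
    Set-ItemProperty -Path $ml -Name 'EnableModuleLogging' -Value 1 -Type DWord
    New-ItemProperty -Path $names -Name '*' -Value '*' -PropertyType String -Force | Out-Null

    # Transcription: full session text files; invocation header adds timestamps
    $tr = Join-Path $Base 'Transcription'
    New-Item -Path $tr -Force | Out-Null
    Set-ItemProperty -Path $tr -Name 'EnableTranscripting' -Value 1 -Type DWord
    Set-ItemProperty -Path $tr -Name 'EnableInvocationHeader' -Value 1 -Type DWord
    Set-ItemProperty -Path $tr -Name 'OutputDirectory' -Value $TranscriptDir -Type String
}

function Get-SuspiciousScriptBlocks {
    param([int]$MaxEvents = 50)
    # Level 3 = Warning: PowerShell raises a 4104 event to Warning when the
    # script block matches its built-in suspicious-content patterns.
    $filter = @{ LogName = 'Microsoft-Windows-PowerShell/Operational'; Id = 4104; Level = 3 }
    Get-WinEvent -FilterHashtable $filter -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
        ForEach-Object {
            $x = [xml]$_.ToXml()
            $d = @{}
            foreach ($n in $x.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
            [pscustomobject]@{
                Time       = $_.TimeCreated
                ScriptId   = $d['ScriptBlockId']
                Part       = "$($d['MessageNumber'])/$($d['MessageTotal'])"
                Path       = $d['Path']
                ScriptText = $d['ScriptBlockText']   # decoded block text, not the -enc blob
            }
        }
}

Enable-PowerShellLogging
Get-SuspiciousScriptBlocks | Format-List
```

Long scripts are split across several 4104 events sharing one ScriptBlockId; the Part field shows which fragment you are looking at so the full text can be reassembled in order.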

Comments • 2

  • @MrTirby1234
    @MrTirby1234 4 months ago

    Great video! Do these log settings take up a lot of space under C:/Sysmon? We have had issues with C:/sysmon taking up heaps of storage on devices.

    • @bluecapesec
      @bluecapesec 4 months ago

      Thank you and yes - that is always an important consideration, finding the tradeoff between how much you need to log, how much visibility you gain and where to store it, and there's no one-size-fits-all solution. Naturally at least critical logs of critical systems should go into a SIEM. You can always set Sysmon and other log sizes individually for endpoints. And if you can't forward those logs to a SIEM, it'd still be a good idea to at least have them on the endpoint for analysis in case it's needed, even if it's just a few weeks of log data.