PowerShell Audit Logging Deep Dive

Catch Intruders Living off the Land and Enforce Privileged User Accountability

PowerShell is like nuclear fission — it’s powerful, and it can be used for good and evil. PowerShell is one of the best post-exploitation tools out there simply because it’s already built into every modern Windows system. And as the name states, it’s extremely powerful. PowerShell can be used to gather data, steal system information, dump credentials, pivot between systems, create backdoors, and much more. PowerShell is also the only scripting language with controls designed to mitigate abuse and misuse.

In this webinar, Randy Franklin Smith of Ultimate Windows Security is joined by Lee Holmes (Microsoft PowerShell extraordinaire) and Greg Foss of LogRhythm Labs. Together they show you how to catch intruders exploiting PowerShell to their own malicious ends.

The trio will zero in on auditing capabilities in PowerShell, explore sample events and how to interpret them, and talk about how to filter the noise. Additionally, you’ll learn some preventive steps you can take to limit your exposure to PowerShell-related risks. These experts will cover how to spot the bad guys hiding on your network and enforce privileged user accountability through the use of PowerShell.

In this webinar, you’ll learn about:

  • PowerShell security capabilities
  • PowerShell auditing capabilities
  • Detecting the use of PowerShell by malicious actors
  • How to combat PowerShell attacks
  • LogRhythm’s built-in knowledge of PowerShell and its ability to correlate PowerShell events with all the other security events

PowerShell audit features include module event logging, extended code block auditing, and transcription of all output. You can stay one step ahead of hackers by learning how to use these features to detect malicious user activity.
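As an added example (not part of the webinar or LogRhythm’s material), the following script enables the three audit features just described through their policy registry keys and then pulls recent script block events for review. It assumes an elevated Windows PowerShell 5.1 or later session; the transcript directory is a placeholder you should point at a protected location.

```powershell
# Policy root used by PowerShell for module logging, script block logging and transcription.
$PolicyRoot = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell'

function Enable-PowerShellAuditing {
    param(
        # Assumed transcript location; in production use a directory attackers cannot read or delete.
        [string]$TranscriptDir = 'C:\PSTranscripts'
    )
    # Module logging: record pipeline execution details for every module ('*' = all modules).
    New-Item -Path "$PolicyRoot\ModuleLogging\ModuleNames" -Force | Out-Null
    Set-ItemProperty -Path "$PolicyRoot\ModuleLogging" -Name EnableModuleLogging -Type DWord -Value 1
    Set-ItemProperty -Path "$PolicyRoot\ModuleLogging\ModuleNames" -Name '*' -Value '*'

    # Script block logging: log the de-obfuscated text of every script block as event ID 4104.
    New-Item -Path "$PolicyRoot\ScriptBlockLogging" -Force | Out-Null
    Set-ItemProperty -Path "$PolicyRoot\ScriptBlockLogging" -Name EnableScriptBlockLogging -Type DWord -Value 1

    # Transcription: write a full text record of each session's input and output.
    New-Item -Path "$PolicyRoot\Transcription" -Force | Out-Null
    Set-ItemProperty -Path "$PolicyRoot\Transcription" -Name EnableTranscripting -Type DWord -Value 1
    Set-ItemProperty -Path "$PolicyRoot\Transcription" -Name EnableInvocationHeader -Type DWord -Value 1
    Set-ItemProperty -Path "$PolicyRoot\Transcription" -Name OutputDirectory -Value $TranscriptDir
}

function Get-RecentScriptBlockEvents {
    param([int]$Hours = 24, [int]$Max = 200)
    $filter = @{
        LogName   = 'Microsoft-Windows-PowerShell/Operational'
        Id        = 4104
        StartTime = (Get-Date).AddHours(-$Hours)
    }
    Get-WinEvent -FilterHashtable $filter -MaxEvents $Max -ErrorAction SilentlyContinue |
        ForEach-Object {
            # Property index 2 of a 4104 event holds the script block text. PowerShell raises the
            # event level to Warning on its own when the block matches built-in suspicious patterns,
            # which makes Level a cheap first-pass filter before deeper correlation in the SIEM.
            [pscustomobject]@{
                Time       = $_.TimeCreated
                Level      = $_.LevelDisplayName
                User       = $_.UserId
                ScriptText = $_.Properties[2].Value
            }
        }
}

Enable-PowerShellAuditing
Get-RecentScriptBlockEvents | Where-Object Level -eq 'Warning' | Format-List
```

Group Policy sets the same keys under Administrative Templates > Windows Components > Windows PowerShell, which is the preferred way to roll them out fleet-wide.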

LogRhythm has built-in alert rules and correlation logic in its NextGen SIEM Platform that help you process PowerShell logs and detect nefarious use of your administration tool. LogRhythm enables command line logging and module logging — both of which you can use operationally to track attacks occurring inside your network.

Watch the on-demand webinar now to learn how you can catch malicious user activity with LogRhythm and PowerShell.