Wider attack surface coverage powered by hundreds of integrations and deeper threat visibility powered by thousands of detections.
Version: Windows PowerShell 3.0 and later
Windows PowerShell is a task automation and configuration management framework from Microsoft, consisting of a command-line shell and associated scripting language built on the .NET Framework. PowerShell comes in two versions: Console and Integrated Scripting Environment (ISE). Windows Remote Management (WinRM) allows for SSH-like remote shell capability through PowerShell. Netsurion amasses and examines logs generated by PowerShell to help an administrator monitor remote sessions for rogue scripts or commands.
Netsurion Data Source Integration for Windows PowerShell allows you to monitor the following components:
Once Windows PowerShell is configured to deliver events to Netsurion's Open XDR platform, alerts, reports and dashboards can be configured in the platform.
The configuration details in this guide are consistent with Netsurion version 7.X and later and Windows PowerShell 3.0 and later.
Download the integration guide for more information.