Windows PowerShell

Reports

• Windows PowerShell-Command execution details- This report provides information related to command execution on PowerShell, which includes User Name, Host Type, Command Executed and Command Parameters fields.
• Windows PowerShell-Script execution details– This report provides information related to command execution through script on PowerShell, which includes User Name, Host Type, Script Path, Command Executed and Command Parameters fields.            

Alerts

• Windows PowerShell: Command execution failed– This alert is generated when command execution on PowerShell fails.
• Windows PowerShell: Remote session initiated– This alert is generated when PowerShell remote session is initialized.

Reports

• Windows PowerShell-Remote session creation details– This report provides information related to PowerShell remote session initialization, which includes Computer, User Name and Remote Host fields.
• Windows PowerShell-Command execution error details– This report provides information related to command execution errors by script or CLI on PowerShell, which includes User Name, Host Type, Script Path, Command Executed and Command Parameters fields.            

Alert

• Windows PowerShell: Remote session user authentication failed– This alert is generated when PowerShell user authentication fails.

Report

• Windows PowerShell-Remote session authentication success details– This report provides information related to successful PowerShell remote session authentication, which includes Computer, Remote User Name and Authentication Method fields.
• Windows PowerShell-Remote session authentication failure details– This report provides information related to unsuccessful PowerShell remote session authentication attempts, which includes Computer, Event User and Reason fields.