Securing your PowerShell Operational Logs

So you have actually upgraded to WMF5 and/or Win10 on your systems, have enabled script block logging (without invocation events, as those are extremely noisy), and are getting this data into a SIEM. Maybe you are even looking at Lee Holmes’s methods to detect obfuscated PowerShell on your network: https://www.leeholmes.com/blog/2015/11/13/detecting-obfuscated-powershell/ …
