I cannot seem to collect powershell logs. Can some...
# generalb
Brandon
11/02/2020, 8:51 PMI cannot seem to collect powershell logs. Can someone let me know where my config is off?
Copy code
--disable_events=false
--disable_forensic=false
--enable_windows_events_publisher=true
--enable_windows_events_subscriber=true
--windows_events_channel=System,Application,Setup,Security,Microsoft-Windows-PowerShella
alessandrogario
11/02/2020, 9:17 PM
can you check the --help output? powershell should have its own flag if i am not mistaken
alessandrogario
11/02/2020, 9:18 PM
Powershell block logging should also be enabled from gpedit.msc
b
Brandon
11/02/2020, 9:22 PMenabled block logging
6 Views