Logging PowerShell Execution
Logging PowerShell

KB ID 0001903

Problem

Monitoring PowerShell execution (especially on critical servers like domain controllers) is essential for detecting potential malicious activity. PowerShell activities generate specific Event IDs in the Windows Event Log.

Solution: Logging PowerShell

The following Event IDs are logged in connection with PowerShell execution.

Command Line Auditing: Event ID 800 (Microsoft-Windows-Sysmon/Operational...