Tuesday, October 19, 2021

PowerShell Detections — Threat Research Release, August 2021

T he Splunk Threat Research Team (STRT) most recently began evaluating more ways to generate security content using native Windows event logging regarding PowerShell Script Block Logging. This method provides greater depth of visibility as it provides the raw (entire) PowerShell script output. There are three sources that may enhance any defender’s perspective: module, script block and transcript logging. We focused our security content on script block logging (Event Code 4104) as it provides th…

Read More

Latest news
Related news