Winlogbeat - PowerShell arguments

mually · July 1, 2019, 4:21pm

Hi,

Using Winlogbeat on a windows host, I can see logs when the PowerShell process is started/running/stopped.
Is there a way for me get Elastic to report the arguments executed in a PowerShell channel? For example, if an administrator executes a script, is it possible to see the code which was executed?

Kind regards,
Mohammed

system · July 29, 2019, 4:21pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Start process Winlogbeat Beats auditbeat	3	313	July 22, 2019
Filtering Windows Events - Beats winlogbeat	6	3901	June 15, 2017
Winlogbeats service sugestion Beats winlogbeat	3	943	January 3, 2018
Correct way to Start and Stop Winlogbeat with Powershell Beats winlogbeat	6	3729	October 28, 2018
Winlogbeat & Logstash - Ingest Pipelines Beats winlogbeat	5	947	May 11, 2022

Winlogbeat - PowerShell arguments

Related topics