Winlogbeat - PowerShell arguments

mually · July 1, 2019, 4:21pm

Hi,

Using Winlogbeat on a windows host, I can see logs when the PowerShell process is started/running/stopped.
Is there a way for me get Elastic to report the arguments executed in a PowerShell channel? For example, if an administrator executes a script, is it possible to see the code which was executed?

Kind regards,
Mohammed

system · July 29, 2019, 4:21pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.