This app provides knowledge objects for working with Windows PowerShell transcript logs. In addition to field extractions, a number of event types are included to support threat hunting use cases.

You will need to configure your Windows systems to log PowerShell transcripts in order to benefit from this app; this logging is not enabled by default in Windows. Once generated, these logs should be collected via a file input and forwarded to Splunk.

Additional information on the configuration of this app is available here: www.hurricanelabs.com/splunk-tutorials/splunk-tutorial-powershell-transcription-logging

This app is also available on GitHub: https://github.com/HurricaneLabs/TA-powershell_transcript