Latest Version 0.1.3
May 21, 2024
Welcome to the new Splunkbase! To return to the old Splunkbase, click here.
Hurricane Labs Add-on for Windows PowerShell Transcript
This app provides knowledge objects for working with Windows PowerShell transcript logs. In addition to field extractions, a number of event types are included to support threat hunting use cases.
Built by Hurricane Labs
Compatibility
Not Available
Platform Version: 9.4, 9.3, 9.2, 9.1, 9.0, 8.2, 8.1, 8.0, 7.3
Rating
0
(0)
Log in to rate this app
Support
Not Supported
This app provides knowledge objects for working with Windows PowerShell transcript logs. In addition to field extractions, a number of event types are included to support threat hunting use cases.
You will need to configure your Windows systems to log PowerShell transcripts in order to benefit from this app. This logging is not enabled by default in Windows. These logs, once generated, should be collected via a file input and forwarded to Splunk. Additional information on the configuration of this app is available here: www.hurricanelabs.com/splunk-tutorials/splunk-tutorial-powershell-transcription-logging
This app is also available on GitHub: https://github.com/HurricaneLabs/TA-powershell_transcript
Categories
Created By
Hurricane Labs
Type
addon
Downloads
6,615
Licensing
Splunk Answers
Resources
Log in to report this app listing