Hurricane Labs Add-on for Windows PowerShell Transcript

This app provides knowledge objects for working with Windows PowerShell transcript logs. In addition to field extractions, a number of event types are included to support threat hunting use cases. You will need to configure your Windows systems to log PowerShell transcripts in order to benefit from this app. This logging is not enabled by default in Windows. These logs, once generated, should be collected via a file input and forwarded to Splunk. Additional information on the configuration of this app is available here: www.hurricanelabs.com/splunk-tutorials/splunk-tutorial-powershell-transcription-logging This app is also available on GitHub: https://github.com/HurricaneLabs/TA-powershell_transcript

Built by Hurricane Labs

Latest Version 0.1.3

May 21, 2024

Release notes

Compatibility

Not Available

Platform Version: 9.4, 9.3, 9.2, 9.1, 9.0, 8.2, 8.1, 8.0, 7.3

Rating

0

(0)

Log in to rate this app

Support

Not Supported

Learn more

This app provides knowledge objects for working with Windows PowerShell transcript logs. In addition to field extractions, a number of event types are included to support threat hunting use cases. You will need to configure your Windows systems to log PowerShell transcripts in order to benefit from this app. This logging is not enabled by default in Windows. These logs, once generated, should be collected via a file input and forwarded to Splunk. Additional information on the configuration of this app is available here: www.hurricanelabs.com/splunk-tutorials/splunk-tutorial-powershell-transcription-logging This app is also available on GitHub: https://github.com/HurricaneLabs/TA-powershell_transcript