Powershell Auditing & Integration

PowerShell logs details about PowerShell operations, such as starting and stopping the engine and providers, and executing PowerShell commands. Therefore, audit configuration and logging are important. The following steps should be followed for configuration;

1- Connect to the group policy management.

2- Required fields are Enabled under Administrative Templates – Windows components- Windows Powershell.


3- Logs with Audit enabled start to appear under EventViewer-Application and Services Logs- Microsoft – Windows – Powershell – Operational.


4- After this stage, we will see how to add this source to Logsign Unified SecOps Platform with WMI Integration;

5- The fullpath of the relevant log file is in Regedit as the new key.
It should be created under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog.




6- The generated key name should be entered carefully. For Powershell, this domain name is;
Microsoft-Windows-PowerShell/Operational to be entered.

7- The gpupdate /force is executed in cmd.

8- When performing Logsign resource integration, WMI is selected. Integration is completed by selecting the Microsoft-Windows-PowerShell/Operational in log file tab.




Was this article helpful?
0 out of 0 found this helpful

Articles in this section

See more
Become a Certified Logsign User/Administrator
Sign-up for Logsign Academy and take the courses to learn about Logsign USO Platform in detail. Enjoy the courses, and get your badges and certificates. In these courses, you'll learn how to use Logsign in your work and add value to your career.
Visit Our Blog
Our Logsign USO Platform illustrate our expertise. So do the blog. Through our blog posts, deepen your knowledge on various SecOps topics or get updated about important news & modern approaches for cybersecurity. Get into the habit of reading valuable information provided by Logsign. Be a step ahead.