How to collect Windows PowerShell logs, which are under Event Viewer, using the existing WinRM method? We have NetWitness 11.1 running in our infra.
You'll want to add "Windows PowerShell" to the Windows event collection Channel in your Log Collector (Local and/or Remote, depending on your environment), e.g.:
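As an added example (not part of the original thread, and not NetWitness configuration), the following PowerShell script, run on a Windows host that a Log Collector would poll over WinRM, verifies what the answer above relies on: that the "Windows PowerShell" channel (and the newer Microsoft-Windows-PowerShell/Operational channel) exists, that WinRM answers, which event IDs the classic channel actually holds, and whether script block and module logging policy is set. Channel names, event IDs and registry paths are the standard Microsoft ones; the 24-hour window is an assumption chosen for illustration.

```powershell
# Added example: pre-collection checks on a Windows host. Nothing here
# touches NetWitness; it only inspects the source side of the WinRM pull.

# 1. Which PowerShell-related event channels exist and whether they are
#    enabled. "Windows PowerShell" is the classic channel named in the
#    answer above; "Microsoft-Windows-PowerShell/Operational" carries
#    module logging (4103) and script block logging (4104).
Get-WinEvent -ListLog '*PowerShell*' -ErrorAction SilentlyContinue |
    Select-Object LogName, IsEnabled, RecordCount, MaximumSizeInBytes |
    Format-Table -AutoSize

# 2. Is WinRM reachable, since that is the collection transport in use?
#    Test-WSMan throws if the WinRM service does not answer.
try {
    Test-WSMan -ComputerName $env:COMPUTERNAME -ErrorAction Stop | Out-Null
    Write-Host "WinRM reachable on $env:COMPUTERNAME"
} catch {
    Write-Warning "WinRM not reachable: $($_.Exception.Message)"
}

# 3. What the classic channel actually contains: a per-ID count over the
#    last 24 hours (window is an assumption). 400/403 are engine start/stop,
#    600 is provider lifecycle, 800 is pipeline execution detail (only
#    present when LogPipelineExecutionDetails is enabled).
$since = (Get-Date).AddDays(-1)
Get-WinEvent -FilterHashtable @{ LogName = 'Windows PowerShell'; StartTime = $since } `
             -ErrorAction SilentlyContinue |
    Group-Object Id |
    Sort-Object Count -Descending |
    Select-Object @{ n = 'EventId'; e = { $_.Name } }, Count |
    Format-Table -AutoSize

# 4. Are script block logging and module logging switched on? These are the
#    documented policy keys behind the corresponding Group Policy settings;
#    if they are absent, the richer 4103/4104 events will not be generated.
$policy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell'
foreach ($sub in 'ScriptBlockLogging', 'ModuleLogging') {
    $key = Join-Path $policy $sub
    if (Test-Path $key) {
        Get-ItemProperty $key | Select-Object -Property Enable*
    } else {
        Write-Host "$sub policy not configured ($key missing)"
    }
}
```

Run it in an elevated session on a host you intend to collect from. If step 1 shows the channel disabled or step 2 warns, the collector will see nothing regardless of the NetWitness side; step 3 tells you which IDs you would be parsing, and step 4 tells you whether the Operational channel is worth adding as a second channel for script content.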
Thank you, Joshua. This was helpful and we are seeing PowerShell logs now. Now we will explore what events to include in Windows PowerShell logging.
Within RSA NetWitness Endpoint, configuration of the endpoint agent is very similar to the Windows Event Source Configuration for a Log Decoder. See the Endpoint Insights Agent Installation Guide for Version 11.2 > Generating an Agent Packager with Windows Log Collection > Channel Filters. You'll find the steps for PowerShell collection on pages 13-14.
Thank you, Angela. We are currently running NetWitness 11.1, and RSA CS was asking if we have an NW Endpoint Server in our infra, which we do not have and which is something I am exploring as well for this endpoint agent.