Forum Discussion

CurlX2305's avatar
CurlX2305
Copper Contributor
Aug 27, 2022
Solved

Advanced Hunting Query Powershell Command Line

I was testing if I was able to detect various PowerShell Commands in the Advanced Hunting and this was the result:   Via Windows Powershell CommandLine I executed: (Invoke-Webrequest -Uri "https:/...
  • PeterJ_Inobits's avatar
    PeterJ_Inobits
    Aug 28, 2022

    CurlX2305

     

    You will need to enable Powershell script block logging via GPO to see the full commands that were run

PeterJ_Inobits's avatar
PeterJ_Inobits
Iron Contributor
Aug 28, 2022

CurlX2305

 

You will need to enable Powershell script block logging via GPO to see the full commands that were run

Julian's avatar
Julian
Brass Contributor
Feb 18, 2024

PeterJ_Inobits 

Are you sure about this - will the log config on the endpoint decide what is logged in Device*-tables in Advanced hunting?

Resources