PowerShell & Sysmon logging to your SIEM is important for visibility.
“... Without logging ...in place, you won’t be able to detect a memory (RAM) only credential harvesting attack via PowerShell... A centralized logging solution is highly recommended for PowerShell and Sysmon logging...”
https://twitter.com/seanamason/status/971354430787457024?s=21