PowerShell is a powerful command-line tool that comes built in with most Windows systems. Up until now, it has been a useful tool for administrators to automate tedious tasks; now, however, it has been weaponized and is being used to carry out cyberattacks.
Know who executed a PowerShell process, when, and from where in your domain. Also, gain information on the commands (module logging) and the contents of scripts (script block logging) that get executed. Receive instant notifications via email and SMS of critical activities, such as the execution of a particular script.
Get alerted in real time via email and SMS of critical activities, such as when a user is added to a privileged group. Define thresholds based on time, volume, and other criteria to spot suspicious activities like mass file access. Execute scripts to automate response actions, like disabling a user account.
Continuously track user logons, and audit everything from logon failures to logon history. Leverage instant alerts and UBA to detect suspicious activities, such as a spike in logon failures or an unusual logon time for a particular user. Automate the generation of logon audit trails to pass compliance audits such as SOX and the GDPR.
© 2022 Zoho Corporation Pvt. Ltd. All rights reserved.