Detecting Modern PowerShell Attacks with SIEM

  • Wednesday, 04 Oct 2017 3:00PM EDT (04 Oct 2017 19:00 UTC)
  • Speakers: Justin Henderson, Tim Garcia

Automating with PowerShell - a favorite amongst security teams and hackers alike. Many modern attacks leverage PowerShell to evade antivirus, whitelisting, and other security products and technology.

This webcast will share ways a SIEM can detect modern PowerShell attacks. Techniques discussed include quick wins and more detailed practices, addressing false positives and high volumes of PowerShell logs. Take a deeper dive into PowerShell monitoring and advanced endpoint analytics with SANS Instructors Justin Henderson