Quick Tip: Upload Logs to Splunk from Windows PowerShell
I had a folder full of log files I wanted to index real quick in my local instance of Splunk. They won’t persist, so the right thing to do is to use the “oneshot” command (documented here). This can be...
View ArticleQuick PowerShell Script to Start Splunk
Got another quick PowerShell post for you. I have a copy of Splunk running locally on my Windows 8.1 workstation. I don’t always leave it running, for obvious resource reasons, therefor I end up...
View ArticleMonitoring Local Administrators on Windows Hosts
It is always gratifying when one of my readers comes to me with a problem. I love challenges. This one had to do with one of my old posts surrounding Local Administrators remotely. Of course, the way...
View ArticleClik here to view.
Using Splunk to Monitor Changes to PowerShell Scripts
I had a question this morning from a customer who was looking for ways to monitor changes made to PowerShell scripts in their environment. They wanted to know who made the changes, but also what...
View ArticleClik here to view.
101 things the mainstream media doesn’t want you to know about PowerShell...
At .conf2016 Steve Brant and I presented on how to detect PowerShell maliciousness using Splunk [2]. The only problem is, if you didn’t attend the conference and only read the PowerPoint slides you...
View Article