Level 9

PowerShell Log Parsing

I've started to test PowerShell logging within the SIEM and it doesn't look like the events are being parsed properly. Here is the text from an Event (800):


And here is how the SIEM sees it:


The packet has the data I'm looking for (blue highlight box):


Is this a parsing issue or just how the SIEM sees these types of events?

Level 11

Re: PowerShell Log Parsing

I usually check the Description tab as well to see if the mapping is being done for the field I'm interested in.

If McAfee didn't map it I think you should open a case.
