anton2016
Level 9

PowerShell Log Parsing

I've started to test PowerShell logging within the SIEM and it doesn't look like the events are being parsed properly. Here is the text from an Event (800):

ps2.png

And here is how the SIEM sees it:

ps2.png

The packet has the data I'm looking for (blue highlight box):

ps3.png

Is this a parsing issue or just how the SIEM sees these types of events?

0 Kudos
1 Reply
abanaru
Level 11

Re: PowerShell Log Parsing

I usually check the Description tab as well to see if the mapping is being done for the field I'm interested in.

If McAfee didn't map it, I think you should open a case.

0 Kudos