Hello
I have a couple of questions concerning Application Control (Solidcore).
The version we use in my organization is 6.1.3.
My questions are as following:
- Using the regular HIPS rules, I could only see which applications were used on a specific system, for example - I could only know that POWERSHELL.EXE was used, but I can't see what happened within the process (which scripts the user was running using that process and so on).
My question is - is there a way to receive this information? Parhaps with Application Control logs, if using the right configuration? - Is it possible to somehow review commands & pieces of code that were used upon a Powershell ISE process?
- Not necessarily regarding Application Control - is it possible to somehow monitor the behavior of Human Interface Devices (HIDs)?
For example - monitor whether there are more than X keyboard types per second etc.
Thanks in advance!!