Help
FortiSIEM Discussions
MonXbebe
New Contributor II

Created on ‎10-08-2024 04:03 AM Edited on ‎10-08-2024 04:41 AM

Windows Agent, PowerShell Events

Hello,

 

while testing in our system I noticed that PowerShell and Sysmon events are not arriving in the SIEM system. Other events such as Windows Event ID 4624 arrive without any problems. The template is defined for the PowerShell events Microsoft-Windows-PowerShell/Operational and Windows PowerShell. The local security guidelines are also set. I'm using Windows Agent 7.2.2. What am I doing wrong?

 

Best Regards

Labels:
254
0 Kudos
1 Solution
MonXbebe
New Contributor II

Created on ‎10-08-2024 04:40 AM

If anyone has a similar problem. The update to WindowsAgent 7.2.4 has helped...

View solution in original post

237
1 REPLY 1
MonXbebe
New Contributor II

Created on ‎10-08-2024 04:40 AM

If anyone has a similar problem. The update to WindowsAgent 7.2.4 has helped...

238
Announcements

Welcome to your new Fortinet Community!

You'll find your previous forum posts under "Forums"

Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.