This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

Can we able track power shell execution blocked servers' usage?

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Can we able track power shell execution blocked servers' usage?

PoojalaSreenadh
L2 Linker

‎08-07-2023 11:28 AM

Hi Team,

we have created a policy for PowerShell execution blocking. whereas included with systems and servers. we have a few more servers that do not come under the PowerShell execution blocking policy as well. Here my doubt is can we able to track the usage of servers which is in PowerShell execution blocking policy? first of all, can we able to track the server's usage by using the cortex XDR with an EDR premium license? 

0 Likes Likes
3 REPLIES 3

PiyushKohli
L4 Transporter

‎08-08-2023 09:30 PM

Hi @PoojalaSreenadh 

 

Thank you for writing to live community!

By PowerShell execution blocking policy are your referring to execution policies that are set by Set-ExecutionPolicy and Group Policy settings. If yes, How about using the Endpoint script locate under (Incident Response -> Response -> Action Center -> New Action -> Run Endpoint Scripts) and from Scripts select execute commands. In the command you may mention something like "powershell get-executionpolicy" you can modify or update based on your requirements and in the script output you will get results of the script. 

 

PiyushKohli_0-1691554836500.png

Then you may filter based on the Policy you applied for blocking vs Non blocking.

 

Hope this helps!

 

Please mark the response as "Accept as Solution" if it answers your query.

PoojalaSreenadh
L2 Linker
In response to PiyushKohli

‎08-09-2023 11:22 AM

Hi PiyushKohli,

 

Thanks for the response, but my concern is whether can we able to track the usage of servers using cortex XDR pro per endpoint license. if yes, how does it view. 

0 Likes Likes

PiyushKohli
L4 Transporter
In response to PoojalaSreenadh

‎08-09-2023 08:34 PM

@PoojalaSreenadh could you elaborate what do you mean by "track the usage of servers using cortex XDR pro per endpoint license"? What usage you want to track? Could you share some example or reference like what/how are you currently tracking the usage of servers which you want to check if it can be done using cortex XDR pro per endpoint license.

 

Thanks

0 Likes Likes
  • 1140 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks