Thanks, Eric. How did you get the PowerShell logs into your environment?
We are currently ingesting the Win Security Event logs, but can't figure
out how to also grab the PowerShell logs, without grabbing all the logs.
We are collecting from about 16,0...
We are using all of the above. For the RSA "canned" parsers that need to
be updated, we are having RSA modify them. We are also in the process of
creating some custom parsers for some applications we have built
in-house.