Continuous Monitoring with PowerShell
PowerShell has many capabilities that support security management and analysis. This course will teach you how to continuously monitor network devices and computers using PowerShell.
What you'll learn
Security monitoring and management are key tasks that every security analyst needs to perform. Scripting languages make this process easier by providing a simple mechanism for aggregating and querying data. In this course, Continuous Monitoring with PowerShell, you’ll learn how to use PowerShell to build a querying solution for log data. First, you’ll learn how to query the network to create an asset list of devices. Next, you’ll discover how to use that asset list to perform a deeper inspection of the devices, identifying ports, services, processes, and endpoints. Then, you’ll learn how to use the Common Information Model (CIM) cmdlets and how they enhance the entire analysis process. Finally, you’ll learn how to connect to devices remotely, export log data, and perform security analysis. You will then automate this process by scripting it all together and creating a scheduled task. When you are finished with this course, you’ll have the skills and knowledge to use PowerShell for continuous monitoring of network devices and computers in support of security analysis.
Table of contents
- Agenda 1m
- Pinging Individual Networked Devices 9m
- Pinging Multiple Networked Devices 4m
- Demo: Ping Individual and Multiple Networked Devices 2m
- Demo: Ping Individual and Multiple Networked Devices Using .NET API 4m
- Demo: Ping Individual and Multiple Networked Devices Using CIM 2m
- Demo: Create Reusable Ping Function 7m
- Identifying Network Devices 4m
- Demo: Perform Name Resolution 4m
- Demo: Perform Name Resolution Using Nmap 2m
- Demo: Perform Name Resolution Using PowerShell 6m
- Creating an Asset List of Networked Devices 1m
- Demo: Create an Asset List of Networked Devices 9m
- Summary 1m
- Agenda 0m
- Identify Open Ports on Individual and Multiple Networked Devices 7m
- Demo: Create a Port "Echo" Server 8m
- Demo: Use the .NET API, Nmap, and 3rd Party PowerShell Modules for Port Scanning 6m
- Identifying Running Processes and Services on Devices 4m
- Demo: Check for Running Services and Processes 6m
- Summary 1m
- Agenda 1m
- Understanding PowerShell Remoting 4m
- Demo: Enable PowerShell Remoting Using WS-MAN 6m
- Using SSH for Remoting to Windows and Linux 2m
- Demo: Prepare a Windows client and Ubuntu Linux for SSH Remoting, and Connect to Windows Using SSH 7m
- Demo: Connect to a Linux Machine Using PowerShell Remoting Over SSH 4m
- Exporting Log Data from Remote Machines 5m
- Demo: Connect to a Windows Machine and Export Event Log Entries 9m
- Demo: Connect to a Linux Machine and Export Log Entries 8m
- Creating Scheduled Tasks Using PowerShell 3m
- Demo: Creating Scheduled Tasks Using PowerShell 12m
- Summary 1m
- Agenda 1m
- Analyzing Event Logs for Anomalies 6m
- Demo: Exporting and Querying Event Logs 6m
- Demo: Exporting Event Logs to CSV and XML 6m
- Writing Queries for Event Logs 4m
- Demo: Writing Queries Using FilterHashtable and Where-Object 5m
- Demo: Writing Queries Using FilterXML, FilterXPath, and More 7m
- Importing Event Log Entries into a Database 1m
- Demo: Import Event Log Entries into a Database 8m
- Demo: Query Event Log Entries in the Database and Re-import Entries 2m
- Summary 1m