Continuous Monitoring with PowerShell

PowerShell has many capabilities that support security
management and analysis. This course will teach you
how to continuously monitor network devices and
computers using PowerShell.

Security monitoring and management are key tasks that every security analyst needs to perform. To enhance this process, scripting languages can provide an easy mechanism for aggregating data and querying. In this course, Continuous Monitoring with PowerShell, you’ll learn how to use PowerShell to provide a querying solution for log data. First, you’ll understand how to query the network to create an asset list of devices. Next, you’ll discover how to use that asset list and perform a deeper inspection of the devices identifying ports, services, processes, and endpoints. Next, you’ll learn how to use the Common Information Model (CIM) cmdlets and how they enhance the entire analysis process. Finally, you’ll learn how to remotely connect to devices, export log data, and perform security analysis. You will then automate this process by scripting it all together and creating a scheduled task. When you are finished with this course, you’ll have the skills and knowledge of using PowerShell to assist in continuously monitoring network devices and computers, for performing security analysis.

• Course Overview 2mins
• Performing a Network Discovery 56mins
• Enumerating Services and Processes 32mins
• Using the Common Information Model (CIM) Cmdlets to Inspect the Windows Operating System 17mins
• Collect Data from Multiple Machines for Analysis 61mins
• Querying Exported Data for Process or Service Anomalies 46mins