Security monitoring and management are key tasks that every security analyst needs to perform. To enhance this process, scripting languages can provide an easy mechanism for aggregating data and querying. In this course, Continuous Monitoring with PowerShell, you’ll learn how to use PowerShell to provide a querying solution for log data. First, you’ll understand how to query the network to create an asset list of devices. Next, you’ll discover how to use that asset list and perform a deeper inspection of the devices identifying ports, services, processes, and endpoints. Next, you’ll learn how to use the Common Information Model (CIM) cmdlets and how they enhance the entire analysis process. Finally, you’ll learn how to remotely connect to devices, export log data, and perform security analysis. You will then automate this process by scripting it all together and creating a scheduled task. When you are finished with this course, you’ll have the skills and knowledge of using PowerShell to assist in continuously monitoring network devices and computers, for performing security analysis.
Author Name: Liam Cleary
Author Description:
Liam began his career as a trainer of all things computer-related. He quickly realized that programming, breaking, and hacking were much more fun. Liam spent the next few years working within core infrastructure and security services. He is the founder and owner of SharePlicity, a consulting company that focuses on Microsoft 365 and Azure technology. His role within SharePlicity is to help organizations implement Microsoft 365 and Azure technology to enhance internal and external collaboration, … more

Table of Contents

• Course Overview
  2mins
• Performing a Network Discovery
  56mins
• Enumerating Services and Processes
  32mins
• Using the Common Information Model (CIM) Cmdlets to Inspect the Windows Operating System
  17mins
• Collect Data from Multiple Machines for Analysis
  61mins
• Querying Exported Data for Process or Service Anomalies
  46mins