PowerShell is a common utility, used to perform critical actions throughout any IT environment on a regular basis. It’s also frequently used by malware to execute automated attacks, steal credentials, and perform other damaging actions. But because the use of PowerShell is so common, identifying suspicious or malicious PowerShell activity is difficult.
LogicHub playbooks automate the analysis and investigation of PowerShell activity to rapidly and accurately identify suspicious and malicious activity. Using a combination of machine learning and external integrations, LogicHub automatically creates baselines of expected PowerShell behavior and establishes profiles of known malicious PowerShell activity. Any new PowerShell actions are automatically analyzed and assigned an appropriate risk score. When malicious activity is detected, it can be immediately stopped and future PowerShell attacks of the same kind can be automatically prevented.