Originally posted by david_auquiere:

I would like to receive Windows logs in my SIEM when PowerShell commands are run... I activate logs on servers and they are stored in "Applications and Services Logs->Microsoft->Windows->Powershell->Operational" (see Event Viewer Windows Server 2012R2).

Is it possible to do that?

Thanks for your input

How are you collecting Windows Logs at the moment (if at all)? SAM, WECS, SmartConnector?

With WECS, you can configure the event source's Connection Mode's EventLogQuery (but it's very easy to completely break this if you get it wrong)...
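
One way to check a query on the source server before pasting it into a collector's EventLogQuery, as an added example that is not part of the original posts. It assumes the EventLogQuery accepts the standard Windows Event Log XML query (QueryList) form; the function name `Test-EventLogQuery` and the 4103/4104 event ID filter are choices made for this example.

```powershell
# Added example: validate an event log query locally before using it in a collector.
# Assumption: the collector takes the standard Windows Event Log XML query form.
$channel = 'Microsoft-Windows-PowerShell/Operational'   # channel behind the Event Viewer path in the question

# 4103 = module/pipeline logging, 4104 = script block logging (filter chosen for this example)
$queryText = @"
<QueryList>
  <Query Id="0" Path="$channel">
    <Select Path="$channel">*[System[(EventID=4103 or EventID=4104)]]</Select>
  </Query>
</QueryList>
"@

function Test-EventLogQuery {
    param([Parameter(Mandatory)][string]$QueryText, [int]$Sample = 5)

    # Step 1: is it well-formed XML? A stray quote or unclosed tag fails here.
    try { $xml = [xml]$QueryText }
    catch { Write-Warning "Not well-formed XML: $($_.Exception.Message)"; return $false }

    # Step 2: does every channel named in a <Select> exist on this host?
    $paths = $xml.SelectNodes('//Select') | ForEach-Object { $_.GetAttribute('Path') } | Sort-Object -Unique
    foreach ($path in $paths) {
        if (-not (Get-WinEvent -ListLog $path -ErrorAction SilentlyContinue)) {
            Write-Warning "Channel not found: $path"; return $false
        }
    }

    # Step 3: does the event log service accept the XPath filter?
    try {
        $events = Get-WinEvent -FilterXml $xml -MaxEvents $Sample -ErrorAction Stop
        $events | Format-Table TimeCreated, Id, LevelDisplayName -AutoSize | Out-Host
        return $true
    }
    catch {
        # "No matching events" means the query is valid but nothing has been logged yet.
        if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') {
            Write-Host 'Query is valid; no matching events yet.'; return $true
        }
        Write-Warning "Query rejected: $($_.Exception.Message)"; return $false
    }
}

Test-EventLogQuery -QueryText $queryText
```

A query that returns `$false` here would also be rejected by the Windows event log service when a collector submits it, so fix it locally first.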