Do you run PowerShell Core in production?
#powershell #PowerShell7

Got #PowerShell 7 and not seeing event logs in your triage? N.B. for PowerShell 7: Windows PowerShell logs events to "Microsoft-Windows-PowerShell/Operational"), but PowerShell 7 now logs events to "PowerShellCore/Operational." Detailed (e.g., Script Block) logging is NOT enabled by default.

PowerShell 7 includes Group Policy templates and an installation script in $PSHOME. Specifically, you can use the "RegisterManifest.ps1" and "InstallPSCorePolicyDefinitions.ps1" scripts in the PS7 installation directory to enable logging.

Also, ISE doesn't support PS7 :( --> but there is an official Visual Studio Code extension that does, and it even has an "ISE Mode."

H/T Nasreddine Bencherchali ( @nas_bench@twitter.com ): https://twitter.com/nas_bench/status/1616211194934882304

I also consulted https://learn.microsoft.com/en-us/powershell/scripting/whats-new/migrating-from-windows-powershell-51-to-powershell-7?view=powershell-7.3

#PowerShell7 #DFIR #eventlogs #logging #artifacts

@mondskiez The worst thing is that all of those choices are antiques. 😉 #powershell7

#PowerShell and #git just got a bit better:

Another version of ugit is out! https://github.com/StartAutomating/ugit

ugit updates git and lets it work well with the object Pipeline in #PowerShell7

New in this version:

Install-Module ugit -Scope CurrentUser -Force
Import-Module ugit
git diff | Select-Object -ExpandProperty File

If you are new to #PowerShell7 then I highly recommend this Book by Thomas Lee, especially if you work in a Server Environment.