Why does this xpath query not work in Event Viewer in Windows 10? #logs #eventlogs #windows #xpath #security

https://stackoverflow.com/questions/75449677/why-does-this-xpath-query-not-work-in-event-viewer-in-windows-10

Got #PowerShell 7 and not seeing event logs in your triage? N.B. for PowerShell 7: Windows PowerShell logs events to "Microsoft-Windows-PowerShell/Operational"), but PowerShell 7 now logs events to "PowerShellCore/Operational." Detailed (e.g., Script Block) logging is NOT enabled by default.

PowerShell 7 includes Group Policy templates and an installation script in $PSHOME. Specifically, you can use the "RegisterManifest.ps1" and "InstallPSCorePolicyDefinitions.ps1" scripts in the PS7 installation directory to enable logging.

Also, ISE doesn't support PS7 :( --> but there is an official Visual Studio Code extension that does, and it even has an "ISE Mode."

H/T Nasreddine Bencherchali ( @nas_bench@twitter.com ): https://twitter.com/nas_bench/status/1616211194934882304

I also consulted https://learn.microsoft.com/en-us/powershell/scripting/whats-new/migrating-from-windows-powershell-51-to-powershell-7?view=powershell-7.3

#PowerShell7 #DFIR #eventlogs #logging #artifacts