Monitor Script-Based Applications

Applies To: WatchGuard Advanced Reporting Tool This topic applies to the optional WatchGuard endpoint security module, Advanced Reporting Tool. The Advanced Reporting Tool is available with WatchGuard EPDR and WatchGuard EDR.

Script-based applications are legitimate software that hackers might use for malicious actions. It is important to know who uses these applications, and when and where they use them. These applications can include PowerShell, Linux shell, and the Windows cmd shell.

To see script-based applications, from the WatchGuard Endpoint Security management UI:

1. In WatchGuard Cloud, select Monitor > Endpoints.
2. Select Status.
3. From the left pane, select Advanced Visualization Tool.
   A new browser tab opens.
4. From the left pane, select Advanced Reporting > Application Control.
5. Select the date range for the data you want to see.

6. Click Refresh.
   The dashboard shows information for the time period selected.
7. Select Special Applications & Tools tab.

8. To determine who uses scripting applications, and when and where they use them, review the Scripting Applications Executed and Scripting Applications Executed by Machine and User tiles.

Related Topics

Monitor Remote Access Applications

Monitor Unwanted Freeware