Monitor Script-Based Applications
Applies To: WatchGuard Advanced Reporting Tool
Script-based applications are legitimate software that hackers might use for malicious actions. It is important to know who uses these applications, and when and where they use them. These applications can include PowerShell, Linux shell, and the Windows cmd shell.
To see script-based applications, from the WatchGuard Endpoint Security management UI:
- In WatchGuard Cloud, select Monitor > Endpoints.
- Select Status.
- From the left pane, select Advanced Visualization Tool.
A new browser tab opens. - From the left pane, select Advanced Reporting > Application Control.
- Select the date range for the data you want to see.
- Click Refresh.
The dashboard shows information for the time period selected. - Select Special Applications & Tools tab.
- To determine who uses scripting applications, and when and where they use them, review the Scripting Applications Executed and Scripting Applications Executed by Machine and User tiles.