Monitor Script-Based Applications

Applies To: WatchGuard Advanced Reporting Tool This topic applies to the optional WatchGuard endpoint security module, Advanced Reporting Tool. The Advanced Reporting Tool is available with WatchGuard EPDR and WatchGuard EDR.

Script-based applications are legitimate software that hackers might use for malicious actions. It is important to know who uses these applications, and when and where they use them. These applications can include PowerShell, Linux shell, and the Windows cmd shell.

Your operator role determines what you can see and do in WatchGuard Cloud. Your role must have the Access Advanced Security Information permission to view or configure this feature. For more information, go to Manage WatchGuard Cloud Operators and Roles.

To see script-based applications, from the WatchGuard Endpoint Security management UI:

1. In WatchGuard Cloud, select Monitor > Endpoint Security.
2. Select Status.
3. From the left pane, select Advanced Visualization Tool.
   A new browser tab opens.
4. From the left pane, select Advanced Reporting > Application Control.
5. Select the date range for the data you want to see.

6. Click Refresh.
   The dashboard shows information for the time period selected.
7. Select Special Applications & Tools tab.

8. To determine who uses scripting applications, and when and where they use them, review the Scripting Applications Executed and Scripting Applications Executed by Machine and User tiles.

Related Topics

Monitor Remote Access Applications

Monitor Unwanted Freeware