CCPowerShellProtect
The powerful PowerShell, which is preinstalled in all Windows systems, is generally available as a useful aid for administrators or for automation. Due to the many possible uses, hackers have also discovered PowerShell as an attack vector and have made extensive use of it in recent years. In order to detect such attacks, PowerShell activities of all Windows systems (clients and servers) should be centrally logged and monitored. The whitepaper comprehensively describes the options for monitoring and logging. (in German)
https://ccvossel.de/wp-content/uploads/CCVOSSEL_CCPowerShellProtect-Whitepaper.pdf