Implemented

PowerShell logs connector and alerts

PowerShell is used more and more by attackers with tools like Empire, PowerSploit, Nishang, PowerUp, etc. PowerShell execution policy does nothing to stop these tools, and we admins need PowerShell as well. Currently the best defense is to log and monitor PowerShell execution. I'd like to see a connector created for PowerShell logs and some rules for picking up on usage of the above tools using threat intelligence.
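An added example, not part of the original post or of any product's connector: a minimal detection rule over PowerShell script block logging records (event ID 4104) that flags the tool names listed above. The events, host names and cmdlet strings are constructed sample data; the rule reassembles multi-part script blocks first, because a long script is logged in fragments and a keyword can straddle two of them.

```python
import re
from collections import defaultdict

# Tool names come from the post; a production rule set would be fed by threat intelligence.
TOOLS = ("Empire", "PowerSploit", "Nishang", "PowerUp")
PATTERNS = {t: re.compile(rf"\b{re.escape(t)}\b", re.IGNORECASE) for t in TOOLS}

# Constructed sample records using the field names of script block logging event 4104.
SAMPLE_EVENTS = [
    {"Computer": "WS-01", "ScriptBlockId": "a1", "MessageNumber": 1, "MessageTotal": 1,
     "ScriptBlockText": "Get-ChildItem C:\\Logs | Where-Object Length -gt 1MB"},
    # Fragments of one script block, arriving out of order.
    {"Computer": "WS-07", "ScriptBlockId": "b2", "MessageNumber": 2, "MessageTotal": 2,
     "ScriptBlockText": "Sploit -Force"},
    {"Computer": "WS-07", "ScriptBlockId": "b2", "MessageNumber": 1, "MessageTotal": 2,
     "ScriptBlockText": "Import-Module C:\\Tools\\Power"},
    # Hypothetical admin cmdlet that merely contains "PowerUp" as a substring.
    {"Computer": "WS-03", "ScriptBlockId": "c3", "MessageNumber": 1, "MessageTotal": 1,
     "ScriptBlockText": "Get-PowerUpdateStatus -Server wsus01"},
    {"Computer": "SRV-02", "ScriptBlockId": "d4", "MessageNumber": 1, "MessageTotal": 1,
     "ScriptBlockText": "Import-Module .\\NISHANG\\nishang.psm1"},
]

def reassemble(events):
    """Group fragments by ScriptBlockId and join them in MessageNumber order."""
    parts = defaultdict(list)
    for event in events:
        parts[event["ScriptBlockId"]].append(event)
    blocks = {}
    for block_id, frags in parts.items():
        frags.sort(key=lambda e: e["MessageNumber"])
        text = "".join(f["ScriptBlockText"] for f in frags)
        blocks[block_id] = (frags[0]["Computer"], text)
    return blocks

def detect(events):
    """Return (computer, script_block_id, matched_tools) for each flagged script block."""
    alerts = []
    for block_id, (computer, text) in reassemble(events).items():
        hits = [tool for tool, pattern in PATTERNS.items() if pattern.search(text)]
        if hits:
            alerts.append((computer, block_id, hits))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

Name matching of this kind only catches unmodified tooling, so it works best as one signal alongside other script block content rules.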