By logging PowerShell activity and analyzing the commands with Splunk UBA, you can identify indicators of compromise corresponding to malicious activity by a user or malware. PowerShell provides access to Windows API calls that attackers can exploit to gain elevated access to the system, avoiding antivirus and other security controls in the process. PowerShell is also internally utilized by popular hacking tools.