Elastic Agent Windows Integration -- Powershell events not tracked in Agent logs ?

[hotcobra]

Using current Security Onion 2.4.80 Standalone. Elastic Agent on Integration on current Windows 11Pro 23H2. Windows has the Endpoints-Initial Agent Policy including windows-endpoints (v1.38.0) and windows-defender integrations.

Powershell events are not being collected in the Window Elastic Agent so they are not passed to SO.

Any idea why?

[cm-ops]

Are other logs from the agent being ingested into SO? Do you see any issues in the agent log?

[hotcobra]

Other logs are being reported. I'm using Osquery to run things. For example, "select * from windows_update_history" pulls valid windows updates.
Using Osquery: "select * from powershell_events" returns no results. and I do not see any PowerShell events in Win11 Agent logs but they are in standard Windows Events viewer

[cm-ops]

Is there any indication of an issue in the agent's log on the Win11 endpoint?

[hotcobra]

No errors or warnings in the Win11 endpoint logs. However, I'm a dummy since I just found them in Elastic-Dashboards. They are coming across with filebeat. There is a Windows PowerShell dashboard in Elastic that I can use.