Alex Asplund AlexAsplund

Function Add-OpsGenieUser {
[cmdletbinding()]
param(
[parameter(mandatory)]
[string]$UserName,
[parameter(mandatory)]
[string]$FullName,
[parameter(mandatory)]
event_id potential_criticality event_summary
4618 High A monitored security event pattern has occurred.
4649 High A replay attack was detected. May be a harmless false positive due to misconfiguration error.
4719 High System audit policy was changed.
4765 High SID History was added to an account.
4766 High An attempt to add SID History to an account failed.
4794 High An attempt was made to set the Directory Services Restore Mode.
4897 High Role separation enabled:
4964 High Special groups have been assigned to a new logon.
5124 High A security setting was updated on the OCSP Responder Service
$Publishers = wevtutil ep
# Maaany errors, probably because the event is not documented properly by the provider
$ErrorActionPreference = "SilentlyContinue" # Shh sh sh
$AllEventData = Foreach($Publisher in $Publishers){
[XML]$Events = wevtutil gp $Publisher /ge /gm:true /f:xml
$Events.provider.events.event | Foreach {
[PSCustomObject]@{
event_id = $_.value