# Splunk inputs.conf stanza: a PowerShell input named "bootloader" that records
# the boot entries reported by bcdedit so an analytic can review or alert on them.
# Modify for your environment. Make sure the sourcetype matches the analytic as needed.
[powershell://bootloader]
# What the script does:
#   - runs "bcdedit /enum /v" (/v prints identifiers in full instead of
#     well-known aliases) and splits the output on the dashed separator line
#   - for each resulting piece, writes "Path: ...", "Identifier: ..." and
#     "Description: ..." when the corresponding label matches; every other
#     bcdedit field is dropped
# Review notes:
#   - bcdedit needs administrative rights, so the account that runs the
#     forwarder must be allowed to read the boot configuration store.
#   - -match is case-insensitive and the patterns are not anchored to the start
#     of the line, so any text containing "path", "identifier" or "description"
#     followed by whitespace is emitted. The labels are matched as English
#     text - verify the output on localized Windows builds.
#   - NOTE(review): confirm that the Path, Identifier and Description of one
#     boot entry reach the index in a form the analytic can correlate.
script = (bcdedit /enum /v) -split "-------------------" | % { if ($_ -match "path\s+(.+)") { Write-Output "Path: $($matches[1])" }; if ($_ -match "identifier\s+(.+)") { Write-Output "Identifier: $($matches[1])" }; if ($_ -match "description\s+(.+)") { Write-Output "Description: $($matches[1])" } }
# Read as five-field cron this is once a day at 00:00. A boot entry changed
# between runs is only collected at the next run, so the interval bounds how
# quickly a change can be detected.
# NOTE(review): confirm the cron format your forwarder's PowerShell input expects.
schedule = 0 0 * * *
# Alternative kept for reference: every five minutes (presumably for testing).
#schedule = */5 * * * *
# Must match the sourcetype the analytic searches for.
sourcetype = PwSh:bootloader
# Destination index; it has to exist in your deployment.
index=win