Warren Frame RamblingCookieMonster
RamblingCookieMonster
/ Get-WinEventData and Sysmon.ps1
Last active
October 29, 2022 14:28
Extract detailed data from Sysmon event logs
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Download and dot source Get-WinEventData | |
| # https://gallery.technet.microsoft.com/scriptcenter/Get-WinEventData-Extract-344ad840 | |
| . "\\path\to\Get-WinEventData.ps1" | |
| # Download and Set up Sysmon as desired | |
| # http://technet.microsoft.com/en-us/sysinternals/dn798348 | |
| # http://www.darkoperator.com/blog/2014/8/8/sysinternals-sysmon | |
| #Use Get-WinEvent and Get-WinEventData to obtain events and extract XML data from them - let's see all the properties behind one! | |
| Get-WinEvent -FilterHashtable @{logname="Microsoft-Windows-Sysmon/Operational";id=3} | |
RamblingCookieMonster
/ Examples.ps1
Created
August 16, 2014 23:38
Quick and dirty PowerShell Tricks
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # A few handy tricks I use on a daily basis, from various sources | |
| # Running with UAC and already elevated? No prompts if you call things from here : ) | |
| New-Alias -name hyperv -Value "$env:windir\system32\virtmgmt.msc" | |
| New-Alias -name vsphere -value "C:\Program Files (x86)\VMware\Infrastructure\Virtual Infrastructure Client\Launcher\VpxClient.exe" | |
| New-Alias -Name n -Value "C:\Tools\NotePad2\notepad2.exe" | |
| New-Alias -name RSAT -Value "C:\Tools\Custom.msc" | |
| #... |
NewerOlder