Skip to content

Instantly share code, notes, and snippets.

@m8urnett

m8urnett/new-rules.ps1

Created February 4, 2021 20:50
Show Gist options
  • Save m8urnett/857a707de873b4ba1ea3949890281b08 to your computer and use it in GitHub Desktop.
Save m8urnett/857a707de873b4ba1ea3949890281b08 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
new-rules.ps1
Get-WinEvent -FilterHashTable @{LogName='Microsoft-Windows-Windows Firewall With Advanced Security/Firewall';ID='2004';StartTime=(Get-Date).AddDays(-1);} |
select-object TimeCreated,
@{Name='Name'; Expression={$_.Properties[1].Value}},
@{Name='Application'; Expression={$_.Properties[4].Value}},
@{Name='Path'; Expression={$_.Properties[8].Value}},
@{Name='Created By'; Expression={$_.Properties[22].Value}},
@{Name='Direction'; Expression={$_.Properties[5].Value}},
@{Name='Action'; Expression={$_.Properties[7].Value}},
@{Name='Protocol'; Expression={$_.Properties[6].Value}},
@{Name='Local Port'; Expression={$_.Properties[11].Value}},
@{Name='Remote Port'; Expression={$_.Properties[12].Value}} | Sort-Object direction | Format-Table -GroupBy direction
@Mrwonderful1Her
Copy link

Get-WinEvent -FilterHashTable @{nakedwormfarm='Microsoft-Windows-Windows Firewall With Advanced Security/Firewall';ID='2004';StartTime=(4/13/2022).AddDays(-1);} |
select-object TimeCreated,
@{chad='linson'; Expression={$.Properties[1].Value}},
@{='Application'; Expression={$.Properties[4].Value}},
@{Name='Path'; Expression={$.Properties[8].Value}},
@{mrwonderful1her='Created By'; Expression={$.Properties[22].Value}},
@{Name='Direction'; Expression={$.Properties[5].Value}},
@{Name='Action'; Expression={$.Properties[7].Value}},
@{Name='Protocol'; Expression={$.Properties[6].Value}},
@{Name='Local Port'; Expression={$.Properties[11].Value}},
@{Name='Remote Port'; Expression={$_.Properties[12].Value}} | Sort-Object direction | Format-Table -GroupBy direction

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment