Marcus Edmondson medmondson44
medmondson44
/ Get-WindowsEvents.ps1
Created
December 29, 2020 14:43
This is a fork of the Endgame script scrape-events.ps1. I gave it more functionality to take any event log and to be able to query remotely or take a path to the event log. Original Endgame script cant be found here: https://github.com/endgameinc/eqllib/blob/master/utils/scrape-events.ps1.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function Get-EventProps { | |
| [cmdletbinding()] | |
| Param ( | |
| [parameter(ValueFromPipeline)] | |
| $event | |
| ) | |
| Process { | |
| $eventXml = [xml]$event.ToXML() | |
| $eventKeys = $eventXml.Event.EventData.Data | |
| $Properties = @{} |
medmondson44
/ EventParser.ps1
Created
September 22, 2019 11:22
This PowerShell script is used to parse Windows events.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Function Get-PowerShellLog { | |
| <# | |
| .SYNOPSIS | |
| Get-PowerShellLog extracts all PowerShell ScriptBlock Events [Evt 4104] from the Microsoft-Windows-PowerShell/Operational Event log for a specified timeframe | |
| .DESCRIPTION | |
| Query the event log and pull back all PowerShell ScriptBlock Events. | |
| Event 4104 | |
| Query and filter | |
| .PARAMETER | |
| Switch to pull back PowerShell ScriptBlock Log back a desired number of minutes |