Month: April 2015
Advanced Event Log Filtering Using PowerShell
In a previous blog post, Monitoring Event Logs with PowerShell, I showed you how to use Get-WinEvent to perform basic event log monitoring using PowerShell. In this article, I want to demonstrate how Get-WinEvent can be used to run more complex queries using the -FilterHashtable parameter. Let’s start by returning the last 50 events in …
Local Administrator Group Changes: Get Notified with PowerShell
Picture this. You work at a company that prides itself on its security practices. They’ve got firewalls, IDS/IPS systems, routinely perform security audits, keep patches up to date and have a really expensive SIEM product that generates alerts the moment something fishy goes on. A very important employee with highly sensitive data on his PC …
Monitoring Event Logs with PowerShell
A routine sysadmin task that PowerShell lends itself to is parsing data and text files, and the Windows event logs use XML formatted information that can be easily parsed using the Get-EventLog and Get-WinEvent PowerShell cmdlets. In this article I’m going to show you how to get started using PowerShell to parse the event logs, …