Month: April 2015
Advanced Event Log Filtering Using PowerShell
In a previous blog post, Monitoring Event Logs with PowerShell, I showed you how to use Get-WinEvent to perform basic event log monitoring using PowerShell. In this article, I want to demonstrate how Get-WinEvent can be used to run more complex queries using the -FilterHashtable parameter. Let’s start by returning the last 50 events in … Continued
Local Administrator Group Changes: Get Notified with PowerShell
Picture this. You work at a company that prides itself on its security practices. It has firewalls and IDS/IPS systems, routinely performs security audits, keeps patches up to date, and has a really expensive SIEM product that generates alerts the moment something fishy goes on. A very important employee with highly sensitive data on his PC … Continued
Fighting Vulnerabilities: Microsoft Security Bulletin, March 2015
Microsoft has released a number of critical security patches for various vulnerabilities. Let’s walk through the important updates to security-related software. Most of these flaws are in Internet Explorer, with others found in Microsoft Office programs. One of the updates is ‘Cumulative Security Update for Internet Explorer (3032359)’, which helps fix vulnerabilities in the … Continued
Monitoring Event Logs with PowerShell
A routine sysadmin task that PowerShell lends itself to is parsing data and text files, and the Windows event logs store XML-formatted information that can be easily parsed using the Get-EventLog and Get-WinEvent PowerShell cmdlets. In this article I’m going to show you how to get started using PowerShell to parse the event logs, … Continued