sync

Windows-SecurityLogStuff.ps1

@@ -0,0 +1,29 @@
+1     5:51.158 $x = Get-WinEvent -ComputerName localhost -LogName Security
+   2        0.584 $x
+   3        0.570 $x.Message | select -first 200
+   4        4.902 $x | where-object id -eq 4624
+   5        7.425 $y=$x | where-object id -eq 4624
+   6        1.066 $y.ToXml()
+   7        0.072 $y.ToXml().Event.EventData.Data
+   8        0.045 $y.ToXml().Event
+   9        0.875 $y.ToXml()
+  10        0.440 $xEvt=[xml]$y.ToXml()
+  11        0.183 $y
+  12        0.021 cls
+  13        0.002 $y.count
+  14        0.001 $x.count
+  15        0.000 $event=$x
+  16        0.000 $events=$x
+  17        2.204 $events | ForEach-Object{…
+  18        1.357 $events | ForEach-Object{…
+  19        6.452 $events | ForEach-Object{…
+  20     3:09.264 $events | ForEach-Object{…
+  21     6:49.545 $z=$events | ForEach-Object{…
+  22        0.372 $z
+  23        0.027 $z | select -first 20
+  24     1:15.379 $z.'#text'
+  25       10.290 $z | group-object '#.text'
+  26        0.007 $z | select -first 20
+  27        8.744 $z | group-object '#text'
+  28       13.311 $z | where-object '#text' -like "*jndi*"
+  29        1.299 $x | select -last 1