I am querying the Security EventLog on our PDC to watch for trends that might indicate compromised hosts or usernames. I have got the code to gather the info and clean it up...
$TargetEvents ends up like this: (I can't figure out how to format a normal looking table in my post)
Host  User
----  ----
host1 user1
host2 user2
host1 user3
host1 user4
host2 user4

# Event ID 4740 = "A user account was locked out"
$Events = Get-WinEvent -ComputerName MYPDC -FilterHashtable @{Logname='Security';id=4740} -MaxEvents 10
$TargetEvents = @()
foreach ($Event in $Events)
{
    # Keep only the two fields of interest from each event
    $obj = [PSCustomObject]@{
        Host = $Event.Properties[1].value.ToString()
        User = $Event.Properties[0].value.ToString()
    }
    $TargetEvents += $obj
}

I'd like to be able to create a summary but I'm just genuinely stuck. I don't program professionally, just tools to help my work.
This is what I'm TRYING to create:
Host  Frequency
----  ---------
host1 3
host2 2

User  Frequency
----  ---------
user1 1
user2 1
user3 1
user4 2
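
One way to produce the two summaries described above, using Group-Object (an added example, not part of the original post). The `Get-Frequency` helper and its `-MinimumCount` parameter are hypothetical names, and the sample rows are constructed to match the Host/User pairs shown in the question.

```powershell
# Constructed sample data mirroring the Host/User pairs in the post.
# In practice this is the $TargetEvents array built from Get-WinEvent (ID 4740).
$TargetEvents = @(
    [PSCustomObject]@{ Host = 'host1'; User = 'user1' }
    [PSCustomObject]@{ Host = 'host2'; User = 'user2' }
    [PSCustomObject]@{ Host = 'host1'; User = 'user3' }
    [PSCustomObject]@{ Host = 'host1'; User = 'user4' }
    [PSCustomObject]@{ Host = 'host2'; User = 'user4' }
)

# Hypothetical helper: count how often each distinct value of one property occurs.
function Get-Frequency {
    param(
        [Parameter(Mandatory)] [object[]] $InputObject,
        [Parameter(Mandatory)] [string]   $Property,
        # Assumption: optional floor so only repeat offenders are listed.
        [int] $MinimumCount = 1
    )

    $InputObject |
        Group-Object -Property $Property -NoElement |   # -NoElement: counts only
        Where-Object { $_.Count -ge $MinimumCount } |
        Sort-Object -Property Name |
        Select-Object @{ Name = $Property;   Expression = { $_.Name } },
                      @{ Name = 'Frequency'; Expression = { $_.Count } }
}

# Lockouts per source host: host1 = 3, host2 = 2
Get-Frequency -InputObject $TargetEvents -Property Host | Format-Table -AutoSize

# Lockouts per account: user1..user3 = 1, user4 = 2
Get-Frequency -InputObject $TargetEvents -Property User | Format-Table -AutoSize

# Only accounts locked out more than once (here: user4)
Get-Frequency -InputObject $TargetEvents -Property User -MinimumCount 2 |
    Format-Table -AutoSize
```

Replacing `Sort-Object -Property Name` with `Sort-Object -Property Count -Descending` puts the most frequently locked-out hosts or accounts at the top, which is usually the more useful view when watching for trends.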