Windows-Event-Log-Messages
Windows-Event-Log-Messages copied to clipboard
Published
20 hours ago •
nsacyber
nsacyber
Create a PowerShell script to build an event log library
Parse all the events.json files and find first seen and last seen of each event. A unique entry may be id,level,message, and parameters OR may be id,level,message.
One item of interest is when the message changes for an existing event ID. Either the text changes or the parameters change (used parameters versus defined parameters which may be different).
