Here's a useful Powershell one-liner for getting at the Windows Security Event Log schema:
(get-winevent -listprovider microsoft-windows-security-auditing).events
You may want to save the output to a varialbe:
$events = (get-winevent -listprovider microsoft-windows-security-auditing).events
Here's an example of the output:
No comments:
Post a Comment