Merge pull request #22 from zmbf0r3ns1cs/master
Update System EID 104 parsing output to correctly reflect the cleared log name
@ -1,4 +1,4 @@
|
|||||||
<#
|
<#
|
||||||
.SYNOPSIS
|
.SYNOPSIS
|
||||||
|
|
||||||
A PowerShell module for hunt teaming via Windows event logs
|
A PowerShell module for hunt teaming via Windows event logs
|
||||||
@ -87,7 +87,7 @@ function Main {
|
|||||||
Date = $event.TimeCreated
|
Date = $event.TimeCreated
|
||||||
Log = $logname
|
Log = $logname
|
||||||
EventID = $event.id
|
EventID = $event.id
|
||||||
Message = ""
|
Message = $event.message
|
||||||
Results = ""
|
Results = ""
|
||||||
Command = ""
|
Command = ""
|
||||||
Decoded = ""
|
Decoded = ""
|
||||||
@ -405,7 +405,7 @@ function Main {
|
|||||||
ElseIf ($event.id -eq 104){
|
ElseIf ($event.id -eq 104){
|
||||||
# The System log file was cleared.
|
# The System log file was cleared.
|
||||||
$obj.Message = "System Log Clear"
|
$obj.Message = "System Log Clear"
|
||||||
$obj.Results = "The System log was cleared."
|
$obj.Results = $event.message
|
||||||
Write-Output $obj
|
Write-Output $obj
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
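Review bot: In the `@ -405,7` hunk the new `$obj.Results = $event.message` carries the cleared log's name only inside the raw message text, while `$obj.Message = "System Log Clear"` two lines above (and the `# The System log file was cleared.` comment) still hard-code "System", so the summary label the PR title says should reflect the cleared log name is still fixed. EID 104 is written to the System channel for whichever log was cleared, so the label is misleading for any other channel. Pull the name out before filling the object, e.g. `if ($event.message -match 'The (?<log>\S+) log file was cleared') { $clearedLog = $Matches.log } else { $clearedLog = "Unknown" }` followed by `$obj.Message = "$clearedLog Log Clear"` and `$obj.Results = $event.message`; the exact wording of the message is inferred from the old `"The System log was cleared."` text and the comment, so verify the pattern against a real 104 event. Note also that `$event.message` can be null when the provider's message resource is unavailable, which would leave Results empty. The enclosing function Main starts and ends outside this hunk.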