Merge pull request #22 from zmbf0r3ns1cs/master

Update System EID 104 parsing output to correctly reflect the cleared log name
2021-05-06 19:11:11 +00:00
parent c2a3840bae 122d078efe
commit 396bbc4e28
1 changed files with 3 additions and 3 deletions
--- a/DeepBlue.ps1
+++ b/DeepBlue.ps1
@ -1,4 +1,4 @@
-<#
+<#
 .SYNOPSIS

 A PowerShell module for hunt teaming via Windows event logs
@ -87,7 +87,7 @@ function Main {
            Date    = $event.TimeCreated
            Log     = $logname
            EventID = $event.id
-            Message = ""
+            Message = $event.message
            Results = ""
            Command = ""
            Decoded = ""
@ -405,7 +405,7 @@ function Main {
            ElseIf ($event.id -eq 104){
                # The System log file was cleared.
                $obj.Message = "System Log Clear"
-                $obj.Results = "The System log was cleared."
+                $obj.Results = $event.message
                Write-Output $obj
            }
        }