Forum Discussion

joswil0805's avatar
joswil0805
Copper Contributor
Oct 08, 2024

powershell get-winevent script assistance

first time poster here, hoping i am doing this correctly! I am using the script below to send email alerts when there are more than 200 of event 6273 is logged under the security log within a 10...
powershell
sdtslmn's avatar
sdtslmn
MCT
Oct 29, 2024

joswil0805 

 

$count = (Get-WinEvent -FilterHashtable @{logname='Security'; Id = 6273; StartTime = (Get-Date).AddMinutes(-10)}).count

if ($count -gt 200) {
    $A = Get-WinEvent -MaxEvents 100 -FilterHashTable @{Logname = "Security"; ID = 6273; StartTime = (Get-Date).AddMinutes(-10)} -ErrorAction SilentlyContinue
    $Message = $A | ForEach-Object {
        "Timestamp: $($_.TimeCreated)`nAccountName: $($_.Properties[1].Value)`nCalling Station: $($_.Properties[10].Value)`n"
    } -join "`n"
    
    # Email configuration
    $SMTPClient = New-Object Net.Mail.SmtpClient("smtp.mail.com", 587)
    $SMTPClient.EnableSsl = $true
    $SMTPClient.Credentials = New-Object System.Net.NetworkCredential("your-email", "password")
    $SMTPClient.Send("your-email", "recipient-email", "Password guessing alert", $Message)
} else {
    Write-Host "Under 200 events"
}