$event = Get-AppLockerFileInformation -EventLog -LogPath "C:\windows\system32\winevt\logs\Microsoft-Windows-AppLocker%4EXE and DLL.evtx" -EventType Audited -Statistics | Select-Object -First 1
output =
FilePath : %OSDRIVE%\PROGRAMDATA\APP-V\*\ROOT\VFS\PROGRAMFILESX86\ADOBE\ACROBAT READER D
C\READER\ACRORD32.EXE
FilePublisher : O=ADOBE SYSTEMS, S=CALIFORNIA, C=US\ADOBE ACROBAT READER DC\ACRORD32.EXE
FileHash : SHA256 0x04FA2719D09DD9*F52B3A8E49ED89D392FED248AADD11D
PolicyDecision : Denied
Counter : 1
Now i am using this to send an email on a event id but i can only get the output posted above, i would like to include the username that triggerd this event, so i can include this in my email.
can anyone help me with this?
Thanks