Hello,
How can I use PowerShell to create a (security) event?
The structure of the message part of the event should be like the following:
<EventData><Data Name="SubjectUserSid">S-1-5-21-1229272821-1801674531-839522115-18652</Data>
<Data Name="SubjectUserName">admindijc</Data>
<Data Name="SubjectDomainName">PGGM-INTRA</Data>
<Data Name="SubjectLogonId">0x21ec6eef</Data>
<Data Name="ObjectType">File</Data>
<Data Name="IpAddress">145.4.61.34</Data>
<Data Name="IpPort">56027</Data>
<Data Name="ShareName">\\*\IPC$</Data>
<Data
Name="ShareLocalPath"
/>
/>
<Data Name="AccessMask">0x1</Data>
<Data Name="AccessList">%%4416</Data>
</EventData>
The PowerShell script should be able to create the (xml) eventdata structure with (custom) names for the different parameters. This will enable me to address the individual parts of the avent in OM2012. Without the xml structure SOM2012 would need to search the whole event text which is an expensive operation
Thanks in advance
Regards,
Coen