Follow

Keep Up to Date with the Most Important News

By pressing the Subscribe button, you confirm that you have read and are agreeing to our Privacy Policy and Terms of Use
Follow
Facebook Twitter Instagram Youtube
Contact

Powershell – property does not appear

byMR
June 26, 2022

I’m having great difficulty in putting the properties in the information that I export from the event log.

$event0 = Get-WinEvent -FilterHashTable @{Logname = 'Security'; ID = 4663 }
$events = $event0 | Select | Where { $_.Properties[9].Value -eq 65536 }

$teste = foreach ($event in $events) {
    $event2 = new-object psobject -Property @{
        TimeCreated = $event.TimeCreated
        EventID     = $event.Id
        User        = $event.Properties[1].Value
        Domain      = $event.Properties[2].Value
        LoginID     = $event.Properties[3].Value
        ObjectName  = $event.Properties[6].Value
        HandleID    = $event.Properties[7].Value
        ProcessName = $event.Properties[11].Value
        AccessMASK  = $event.Properties[9].Value
    }

    Write-Output "$($event2.TimeCreated), $($event2.EventId), $($event2.User), $($event2.Domain), $($event2.LoginID), $($event2.ObjectName), $($event2.HandleID), $($event2.ProcessName), $($event2.AccessMASK)" 
    $teste | ConvertTo-Html -Property TimeCreated, EventID, User, Domain, LoginID, ObjectName, HandleID, ProcessName, AccessMASK
}

$teste | Out-File -FilePath "Rel.html" -Append

the result shows the information without the property in the first row that serves to describe the data in each column.

Log Image

MEDevel.com: Open-source for Healthcare and Education

Collecting and validating open-source software for healthcare, education, enterprise, development, medical imaging, medical records, and digital pathology.

Visit Medevel

>Solution :

You need to do the Convert-HTML on the whole result list and not on each individual records.

Only then you’ll get the headers as you exepect in the resulting HTML.

$event0 = Get-WinEvent -FilterHashTable @{Logname = 'Security'; ID = 4663 }


$events = $event0 | Where { $_.Properties[9].Value -eq 65536 }

$teste = foreach ($event in $events) {
    [PsCustomObject] @{
        TimeCreated = $event.TimeCreated
        EventID     = $event.Id
        User        = $event.Properties[1].Value
        Domain      = $event.Properties[2].Value
        LoginID     = $event.Properties[3].Value
        ObjectName  = $event.Properties[6].Value
        HandleID    = $event.Properties[7].Value
        ProcessName = $event.Properties[11].Value
        AccessMASK  = $event.Properties[9].Value
    }
}

#Uncomment below if you want to see the result in the console.
#$teste | Format-Table

# Convert all results to a HTML table
$teste | ConvertTo-Html -Property TimeCreated, EventID, User, Domain, LoginID, ObjectName, HandleID, ProcessName, AccessMASK  | Out-File -FilePath "Rel.html"
byMR
Published
Add a comment

Leave a Reply

Keep Up to Date with the Most Important News

By pressing the Subscribe button, you confirm that you have read and are agreeing to our Privacy Policy and Terms of Use

Read more

Discover more from Dev solutions

Subscribe now to keep reading and get access to the full archive.

Continue reading