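# Alert on repeated access to a restricted folder.
#
# Queries the Security log for Event ID 4663 ("An attempt was made to access
# an object") raised in the last 60 seconds for the folder below, and mails an
# alert when at least four such events are found.
#
# Prerequisites and limits:
#   * 4663 is only logged when file-system object-access auditing is enabled
#     and the folder carries an auditing entry (SACL).
#   * The look-back window is 60000 ms, so the script has to run at least once
#     a minute or accesses between runs go unseen.
#   * The ObjectName comparison is an exact match on the folder path. Events
#     for files or sub-folders beneath it carry a different ObjectName and are
#     not matched; the event-log XPath subset has no prefix match, so those
#     would need filtering in PowerShell after the query.

# Single-quoted here-string: the XML reaches Get-WinEvent without any
# PowerShell variable expansion. "<" must be written as "&lt;" inside XML
# text, otherwise the document does not parse. The ObjectName test is bound to
# the Data element named ObjectName rather than to any Data element that
# happens to hold the same value.
$filterXml = @'
<QueryList>
  <Query Id="0" Path="Security">
    <Select Path="Security">
      *[System[(EventID=4663) and TimeCreated[timediff(@SystemTime) &lt;= 60000]]]
      and
      *[EventData[Data[@Name='ObjectName']='C:\Program Files (x86)\Lincoln']]
    </Select>
  </Query>
</QueryList>
'@

# Get-WinEvent raises an error when nothing matches; that is the normal case
# here, so it is silenced. @() makes a single returned event still countable.
# Note that this also hides genuine failures (for example, no right to read
# the Security log) - log them separately if that matters.
$events = @(Get-WinEvent -FilterXml $filterXml -ErrorAction SilentlyContinue)

# Threshold of four events - presumably chosen to suppress noise from a single
# access producing several 4663 records; confirm against real log data.
if ($events.Count -ge 4) {
    # NOTE(review): Send-MailMessage is marked obsolete by Microsoft because it
    # does not guarantee a secure connection. As written the alert is sent
    # without TLS or authentication; add -UseSsl if the relay supports it.
    # The recipient is an external mailbox, so the host name in the body leaves
    # the organisation - confirm that is intended.
    $mail = @{
        To         = "Ej3954969@gmail.com"
        From       = "alerts@castlefundinvestment.com"
        SmtpServer = '155.6.1.10'
        Subject    = "Access Report - Event ID: 4663"
        Body       = "Restricted Folder Access from $env:computername"
    }
    Send-MailMessage @mail
}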