Windows Snippets
System Events
Documentation
Search Logs
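# System log: Kernel-General event ID 1 (the system time has changed)
Get-WinEvent -FilterHashtable @{'LogName' = 'System'; 'ProviderName' = 'Microsoft-Windows-Kernel-General'; 'Id' = 1}
# Security log: event ID 4616 (the system time was changed), all properties kept in $AuditEvents
$AuditEvents = Get-WinEvent -FilterHashtable @{'LogName' = 'Security'; 'ProviderName' = 'Microsoft-Windows-Security-Auditing'; 'Id' = 4616} | Select-Object *
# Same Kernel-General event ID 1 query, run against a saved .evtx file
$TimeEvents = Get-WinEvent -FilterHashtable @{'Path' = 'C:\Users\Administrator\Desktop\saved-file.evtx'; 'LogName' = 'System'; 'ProviderName' = 'Microsoft-Windows-Kernel-General'; 'Id' = 1} | Select-Object *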
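
Triage Time Changes
The 4616 query above returns raw events; the following added example (not part of the original snippets) turns each one into a record with the previous time, the new time, the size of the clock shift, and the account and process responsible. The function name ConvertTo-TimeChangeRecord, the 1-second threshold and the sample event are assumptions made for illustration, and the field names assume the 4616 layout of current Windows versions, where PreviousTime and NewTime are ISO 8601 UTC strings.

```powershell
# Added example, not from the original page. Turns Security 4616 event XML into
# old/new time, clock shift, user and process. The sample event below is constructed.
function ConvertTo-TimeChangeRecord {
    param(
        [Parameter(Mandatory, ValueFromPipeline)] [string] $EventXml,
        [double] $MinShiftSeconds = 1   # assumed threshold to skip tiny clock corrections
    )
    process {
        $evt  = ([xml]$EventXml).Event
        $data = @{}
        foreach ($d in $evt.EventData.Data) { $data[$d.Name] = $d.'#text' }

        $inv   = [cultureinfo]::InvariantCulture
        $utc   = [Globalization.DateTimeStyles]::AdjustToUniversal
        $old   = [datetime]::Parse($data['PreviousTime'], $inv, $utc)
        $new   = [datetime]::Parse($data['NewTime'], $inv, $utc)
        $shift = ($new - $old).TotalSeconds

        if ([math]::Abs($shift) -ge $MinShiftSeconds) {
            [pscustomobject]@{
                LoggedAt     = $evt.System.TimeCreated.SystemTime
                User         = '{0}\{1}' -f $data['SubjectDomainName'], $data['SubjectUserName']
                Process      = $data['ProcessName']
                PreviousTime = $old
                NewTime      = $new
                ShiftSeconds = [math]::Round($shift, 3)
            }
        }
    }
}

# Constructed sample event (hypothetical user, domain and times), trimmed to the fields used.
$sample = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>4616</EventID><TimeCreated SystemTime="2024-01-02T03:00:00.0000000Z" /></System>
  <EventData>
    <Data Name="SubjectUserName">alice</Data>
    <Data Name="SubjectDomainName">EXAMPLE</Data>
    <Data Name="PreviousTime">2024-01-02T09:15:42.0000000Z</Data>
    <Data Name="NewTime">2024-01-02T03:00:00.0000000Z</Data>
    <Data Name="ProcessName">C:\Windows\System32\rundll32.exe</Data>
  </EventData>
</Event>
'@
$sample | ConvertTo-TimeChangeRecord

# Against a live log, feed the function each event's XML:
# Get-WinEvent -FilterHashtable @{'LogName' = 'Security'; 'Id' = 4616} | ForEach-Object { $_.ToXml() } | ConvertTo-TimeChangeRecord
```

A large backwards shift made by an interactive user or an unexpected process deserves a closer look than small corrections made by the Windows Time service.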