This PowerShell script monitors local security event logs and extracts information about failed logon attempts. It can be useful for system administrators to track potential security breaches.
Step 1: Get the current date and time to filter logs.
```powershell
$currentDate = Get-Date
```
Step 2: Define the time range for the logs to check, for example, the last 24 hours.
```powershell
$startTime = $currentDate.AddHours(-24)
```
Step 3: Retrieve the security event logs related to failed logon attempts.
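```powershell
# LogName goes inside the hashtable: -LogName and -FilterHashtable belong to different parameter sets.
$failedLogons = Get-WinEvent -FilterHashtable @{LogName='Security'; ID=4625; StartTime=$startTime}
```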
Step 4: Select relevant information and format the output for better readability.
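```powershell
# In event 4625, Properties[5] is TargetUserName and Properties[13] is WorkstationName (index 18 is the caller's ProcessName).
$failedLogonInfo = $failedLogons | Select-Object TimeCreated, @{Name='User';Expression={$_.Properties[5].Value}}, @{Name='Machine';Expression={$_.Properties[13].Value}}
```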
Step 5: Output the results to the console.
```powershell
$failedLogonInfo | Format-Table -AutoSize
```
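The steps above, combined into one script as an added example (not part of the original script). It reads the 4625 fields by name from the event XML instead of by position, then counts failures per account and source address. The `$threshold` value and the grouping by user and source IP are assumptions chosen for illustration; run it from an elevated session.

```powershell
# Added example: summarize failed logons (event ID 4625) per account and source.
$startTime = (Get-Date).AddHours(-24)
$threshold = 5   # assumption: flag any user/source pair with at least this many failures

# Get-WinEvent writes an error when nothing matches, so treat that as an empty result.
$filter = @{ LogName = 'Security'; ID = 4625; StartTime = $startTime }
$events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)

$rows = foreach ($evt in $events) {
    # Build a name -> value map from <EventData><Data Name="...">value</Data>.
    $data = @{}
    foreach ($d in ([xml]$evt.ToXml()).Event.EventData.Data) {
        $data[$d.Name] = $d.InnerText
    }
    [pscustomobject]@{
        TimeCreated = $evt.TimeCreated
        User        = '{0}\{1}' -f $data['TargetDomainName'], $data['TargetUserName']
        Workstation = $data['WorkstationName']
        SourceIp    = $data['IpAddress']
        LogonType   = $data['LogonType']   # e.g. 2 = interactive, 3 = network, 10 = remote interactive
        SubStatus   = $data['SubStatus']   # NTSTATUS code giving the failure reason
    }
}

# One summary row per (user, source IP) pair, busiest first.
$summary = $rows | Group-Object User, SourceIp | ForEach-Object {
    $times = $_.Group.TimeCreated | Sort-Object
    [pscustomobject]@{
        User     = $_.Group[0].User
        SourceIp = $_.Group[0].SourceIp
        Failures = $_.Count
        First    = $times | Select-Object -First 1
        Last     = $times | Select-Object -Last 1
        Flagged  = $_.Count -ge $threshold
    }
} | Sort-Object Failures -Descending

if ($summary) {
    $summary | Format-Table -AutoSize
} else {
    'No failed logons in the selected window.'
}
```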