Handling Events with PowerShell and .NET (Part 1)
By: Sonny Jamwal Jan 30, 2020 3:02:07 PM
The Oxford dictionary defines an event as “a thing that happens, especially something important”. In the computing world most people associate events with logging, but events go beyond that. In fact, a log is nothing but the output of an event.
This blog post covers two types of events, PowerShell Engine Events and .NET Object Events (part 2 of the series is Handling events with PowerShell and WMI).
Keep on reading if you want to learn how to handle both PowerShell Engine Events and .NET Object Events and which PowerShell cmdlets will get you there.
Figure 3: The Remove-Event cmdlet deletes events from the event queue in the current session.
For this demonstration I switched from VS Code to ISE. Figure 15 shows how we subscribed to the EntryWritten event for Security logs. Our action blocks write “Meow” each time the event is invoked.
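The subscription described above and the queue cleanup from Figure 3 can be combined into one monitoring loop. This is an added example, not code from the original post: it goes a step beyond the “Meow” action by forwarding only failed-logon entries (event ID 4625) to the event queue. It assumes Windows PowerShell 5.1 in an elevated session, and the source identifiers `SecLog.EntryWritten` and `SecLog.FailedLogon` are made-up names.

```powershell
# Added example. Assumes Windows PowerShell 5.1, run elevated (reading the Security log needs admin).
# 'SecLog.EntryWritten' and 'SecLog.FailedLogon' are hypothetical source identifiers.
$log = New-Object System.Diagnostics.EventLog 'Security'
$log.EnableRaisingEvents = $true    # without this, EntryWritten is never raised

$subscription = @{
    InputObject      = $log
    EventName        = 'EntryWritten'
    SourceIdentifier = 'SecLog.EntryWritten'
    Action           = {
        $entry = $EventArgs.Entry            # System.Diagnostics.EventLogEntry
        if ($entry.InstanceId -eq 4625) {    # 4625 = an account failed to log on
            # Forward only the entries of interest to the session event queue
            $null = New-Event -SourceIdentifier 'SecLog.FailedLogon' -MessageData $entry
        }
    }
}
$job = Register-ObjectEvent @subscription    # -Action returns the event job

try {
    # Watch for 60 seconds, draining the queue as forwarded events arrive
    $deadline = (Get-Date).AddSeconds(60)
    while ((Get-Date) -lt $deadline) {
        # Wait-Event blocks until an event is queued (or the timeout passes); it does not dequeue
        $null = Wait-Event -SourceIdentifier 'SecLog.FailedLogon' -Timeout 5
        $queued = Get-Event -SourceIdentifier 'SecLog.FailedLogon' -ErrorAction SilentlyContinue
        foreach ($item in $queued) {
            $e = $item.MessageData
            '{0:u} failed logon recorded (record #{1})' -f $e.TimeGenerated, $e.Index
            # Processed events stay in the queue until removed explicitly
            Remove-Event -EventIdentifier $item.EventIdentifier
        }
    }
}
finally {
    # Tear down the subscription, its job and anything still queued
    Unregister-Event -SourceIdentifier 'SecLog.EntryWritten'
    Remove-Job -Job $job -Force
    Get-Event -SourceIdentifier 'SecLog.FailedLogon' -ErrorAction SilentlyContinue | Remove-Event
    $log.Dispose()
}
```

Running `Get-EventSubscriber` while the loop is active lists the `SecLog.EntryWritten` subscription; after the `finally` block it should return nothing for that identifier.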
About the author:
Sonny is a self-proclaimed PowerShell preacher who lives in the beautiful city of Halifax on the east coast of Canada. Sonny has worked in Cybersecurity for more than 10 years and has acted as the primary technical lead and subject matter expert on many Cyber Security Assessments for various private and public organizations. Sonny regularly speaks at various security conferences such as BSides, AtlSecCon, ISACA, OWASP etc.