ADD Powershell Scripts
@@ -0,0 +1,88 @@
|
||||
# Define the time range for the last 1 day
|
||||
$startTime = (Get-Date).AddHours(-1)
|
||||
$endTime = Get-Date
|
||||
|
||||
# Define the filter hashtable with the time range
|
||||
$filterHashTable = @{
|
||||
LogName = 'Security'
|
||||
Id = 4624
|
||||
StartTime = $startTime
|
||||
EndTime = $endTime
|
||||
}
|
||||
|
||||
# Get all events with ID 4624 from the Security log within the defined time range
|
||||
$events = Get-WinEvent -FilterHashtable $filterHashTable
|
||||
|
||||
# Create a hash table to store the last login event for each user
|
||||
$userLogins = @{}
|
||||
|
||||
# Loop through each event
|
||||
foreach ($event in $events) {
|
||||
$eventDetails = [xml]$event.ToXml()
|
||||
|
||||
# Extract relevant information
|
||||
$timeCreated = $event.TimeCreated
|
||||
$username = $eventDetails.Event.EventData.Data | Where-Object { $_.Name -eq 'TargetUserName' } | Select-Object -ExpandProperty '#text'
|
||||
$ipaddress = Get-NetIPAddress -AddressFamily IPv4 -InterfaceAlias Ethernet | Select-Object -ExpandProperty IPAddress
|
||||
$logonType = $eventDetails.Event.EventData.Data | Where-Object { $_.Name -eq 'LogonType' } | Select-Object -ExpandProperty '#text'
|
||||
|
||||
# Exclude events not related to remote logins and HealthMailbox
|
||||
if ($logonType -ne "10" -or $username -like "DWM*" -or $username -like "*UMFD*") {
|
||||
continue
|
||||
}
|
||||
|
||||
$formattedTimeCreated = $timeCreated.ToString("yyyy-MM-dd HH:mm:ss")
|
||||
|
||||
# Store the event if it's the latest one for the user
|
||||
if (-not $userLogins.ContainsKey($username) -or $userLogins[$username].TimeCreated -lt $timeCreated) {
|
||||
$userLogins[$username] = [PSCustomObject]@{
|
||||
lastaccess = $formattedTimeCreated
|
||||
username = $username
|
||||
ipaddress = $ipaddress
|
||||
LogonType = $logonType
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
# Define the JSON file path with current date and hour
|
||||
$dateString = (Get-Date).ToString("yyyyMMdd_HH-mm")
|
||||
$jsonPath = "C:\Scripte\LastLogins_$dateString.json"
|
||||
|
||||
# Output the last login event for each user to the JSON file
|
||||
$userLoginsArray = $userLogins.GetEnumerator() | ForEach-Object {
|
||||
$_.Value
|
||||
}
|
||||
|
||||
$userLoginsArray | ConvertTo-Json | Set-Content -Path $jsonPath -Encoding UTF8
|
||||
|
||||
Write-Output "JSON file created at $jsonPath"
|
||||
|
||||
# API endpoint URL
|
||||
$apiUrl = "http://api.stines.de:8001/report"
|
||||
|
||||
# Your API key
|
||||
$headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
|
||||
$headers.Add("Content-Type", "application/json")
|
||||
$headers.Add("access_token", "^YWUbG7yX*V!tV^KBSd*2c&vdN3wV9a2i7f3hfGFMBYFxi6#mMiJGiaA5KEHE%B*miK%qb7rQ67gmcYP@gqmux8")
|
||||
|
||||
# Loop through the collected user logins and send each as a JSON payload to the API
|
||||
foreach ($userLogin in $userLoginsArray) {
|
||||
$userLoginObject = $userLogin | Select-Object username, lastaccess, ipaddress
|
||||
|
||||
# Convert the user login object to JSON
|
||||
$jsonPayload = $userLoginObject | ConvertTo-Json -Depth 3
|
||||
|
||||
# Encode JSON payload in UTF-8
|
||||
$utf8JsonPayload = [System.Text.Encoding]::UTF8.GetBytes($jsonPayload)
|
||||
|
||||
# Send the JSON payload to the API
|
||||
try {
|
||||
$response = Invoke-RestMethod -Uri $apiUrl -Method Post -Body $utf8JsonPayload -ContentType 'application/json' -Headers $headers
|
||||
Write-Output "Sent login data for user $($userLoginObject.Username) to the API. Response: $response"
|
||||
} catch {
|
||||
Write-Error "Failed to send login data for user $($userLoginObject.Username). Error: $_"
|
||||
}
|
||||
}
|
||||
|
||||
Write-Output "Finished sending login data to the API"
|
||||
|
||||
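Review bot: The `access_token` value added to `$headers` is a literal secret committed with the script, and `$apiUrl` uses `http://`, so the token and the per-user logon records are sent unencrypted. Load the token at run time instead, e.g. `$headers.Add("access_token", $env:REPORT_API_TOKEN)` (the variable name is a placeholder), move the endpoint to `https://` if the service offers it, and treat the committed token as exposed and rotate it. Separately, `$ipaddress` comes from `Get-NetIPAddress`, which is the collecting host's own address rather than the logon source; the 4624 event carries the source in its `IpAddress` data field, so `$ipaddress = $eventDetails.Event.EventData.Data | Where-Object { $_.Name -eq 'IpAddress' } | Select-Object -ExpandProperty '#text'` would record what the report implies. The "latest one for the user" check reads `.TimeCreated` from the stored object, which only has `lastaccess`, `username`, `ipaddress` and `LogonType`, so the comparison is against `$null` and every event appears to overwrite the previous one; keeping `$timeCreated` on the stored object would make the check meaningful. The first comment says "last 1 day" while the code uses `AddHours(-1)`, and the exclusion comment mentions HealthMailbox although the condition only filters `DWM*` and `*UMFD*`.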