Skip to content

Commit cd0c574

Browse files
nullbindnullbind
authoredMar 30, 2022
Add files via upload
1 parent 89f66b4 commit cd0c574

File tree

72 files changed

+11054
-0
lines changed

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

72 files changed

+11054
-0
lines changed
 

‎windows/modules/analysis/search/analyze-003-01-events-1102.ps1

+19
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,19 @@
1+
2+
# Script : Invoke-PowerHunt
3+
# Module : analyze-events-1102-count
4+
# Version: 1.0
5+
# Author : Scott Sutherland
6+
# Summary: This is script is part of the PowerHunt framework.
7+
# License: 3-clause BSD
8+
9+
10+
# Save result summary
11+
$AnalysisModuleFileName = $_.name -replace(".ps1","-counts.csv")
12+
$FinalOutput = $CollectedData | group PrincipalName | Sort-Object count -Descending | select count,name
13+
$FinalOutput | Export-Csv -NoTypeInformation "$OutputDirectory\analysis\$AnalysisSubDir\Hunt-$AnalysisModuleFileName"
14+
15+
# Count instances
16+
$InstanceCount = $FinalOutput | measure | select count -expandproperty count
17+
18+
# Save summary metrics
19+
$null = $ModuleOutputSummary.Rows.Add("$ModuleType","$CollectionModuleName","$CollectionDataSource","$AnalysisModuleName","$AnalysisType","$InstanceCount")

0 commit comments

Comments
 (0)
Please sign in to comment.