Hello all,
I have been tasked with searching some evtx logs. I am, as you can see, a newbie here and I am having a little trouble getting the syntax right. This is what I have so far:
Get-winevent -FilterHashtable @{Path="C:\logs\Archive-Security 18112015-2.evtx";ProviderName="Microsoft-Windows-Security-Auditing";id=4672}
The above works fine, returning results, but when I try to add further data to retrieve, that's when things go awry, e.g.
Get-winevent -FilterHashtable @{Path="C:\logs\Archive-Security 18112015-2.evtx";ProviderName="Microsoft-Windows-Security-Auditing";id=4672;UserId=<username>;ComputerName=<WorkStation>}
Any guidance will be greatly appreciated
TIA
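
An added example (not part of the original post) of one way to narrow Event ID 4672 results by account and workstation: `ComputerName` is not a `-FilterHashtable` key, and the account a 4672 event refers to is stored in the event data as `SubjectUserName`, so this keeps the working filter and matches those fields after parsing each event's XML. `$User` and `$Computer` are placeholder values.

```powershell
# Added example. Path, provider and event ID come from the post;
# $User and $Computer are placeholders to replace with real values.
$Path     = 'C:\logs\Archive-Security 18112015-2.evtx'
$User     = 'jdoe'                        # placeholder account name
$Computer = 'WORKSTATION01.example.com'   # placeholder; compared to the event's Computer field

# Narrow by file, provider and event ID first, exactly as in the working command.
$filter = @{
    Path         = $Path
    ProviderName = 'Microsoft-Windows-Security-Auditing'
    Id           = 4672
}

Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    ForEach-Object {
        # Build a name/value table from the <EventData><Data Name="..."> elements.
        $xml  = [xml]$_.ToXml()
        $data = @{}
        foreach ($d in $xml.Event.EventData.Data) {
            $data[$d.GetAttribute('Name')] = $d.InnerText
        }

        # Emit one flat record per event so it can be filtered, sorted or exported.
        [pscustomobject]@{
            TimeCreated    = $_.TimeCreated
            Computer       = $_.MachineName
            SubjectUser    = $data['SubjectUserName']
            SubjectDomain  = $data['SubjectDomainName']
            SubjectLogonId = $data['SubjectLogonId']
            # PrivilegeList is whitespace-separated in the raw event.
            Privileges     = ($data['PrivilegeList'] -split '\s+' |
                                  Where-Object { $_ }) -join ', '
        }
    } |
    # -eq on strings is case-insensitive in PowerShell.
    Where-Object { $_.SubjectUser -eq $User -and $_.Computer -eq $Computer }
```

Piping the result to `Export-Csv` or `Format-Table` gives a reviewable list of special-privilege logons for that account on that host.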