"AaronLocker" big perf and feature updates (17 June 2019)
(On the 15th anniversary of my first blog posts...)
Performance improvements in the "AaronLocker" scripts, especially in Get-AppLockerEvents.ps1.
And:
Get-AppLockerEvents.ps1 ...
- Now retrieves Packaged App events;
- The -EventLogNames parameter supports retrieving from named event logs, for cases where forwarded events are saved in event logs other than "ForwardedEvents";
- Removed all the field-omission switches (as part of the perf upgrade).
Generate-EventWorkbook.ps1 ...
- No longer requires a saved .csv file; invoke it without parameters and Generate-EventWorkbook.ps1 retrieves events from the local computer and slices/dices the results into a multi-tabbed Excel workbook.
Documentation updated, including updated troubleshooting/tips section.