Automating Tasks with Task Scheduler

Security logs contain a wealth of information to help you reduce exposure to intruders, malware, and data loss in your network.

In this lecture you will learn how to Use PowerShell to pull data from the security log then using a script you will automate security log data collection using the Windows Task Scheduler.

Complete the Prerequisites from 12 (Question) Let’s review

• First create a folder on your host’s C: drive called test.
• Download the student guide and the script called SecLog.ps1**(Upload the PS1 to (12 Answer)**
• Copy this script to the C:\test folder

From the Host, open PowerShell ISE in admin mode and open the script called C:\test\SecLog.ps1

Here is the script:

Define the number of entries to retrieve

$numberOfEntries = 50

Get the 50 most recent security event log entries

$securityLogEntries = Get-WinEvent -LogName Security -MaxEvents $numberOfEntries |

** Select-Object TimeCreated, Id, LevelDisplayName, Message**

Define the path for the CSV file

$csvFilePath = "C:\test\SecLog.csv"

Export the security log entries to a CSV file

$securityLogEntries | Export-Csv -Path $csvFilePath -NoTypeInformation

Output a confirmation message

Write-Host "The last $numberOfEntries security event log entries have been exported to $csvFilePath."

Here is the explanation:

$numberOfEntries = 50

Here, we are seeing a variable called $numberOfEntries to 50. This variable will determine how many recent security event log entries we want to retrieve. You can increase or decrease this number.

$securityLogEntries This will contain an array of objects, with each object representing one of the 50 most recent security event log entries. These objects have properties like TimeCreated, Id, LevelDisplayName, and Message.

Get-WinEvent is a cmdlet that allows us to retrie…