You may want to proactively respond to events generated by your domain controller or other servers in order to quickly address potential issues or security threats. By monitoring events and taking appropriate action.
You can modify the script below to your needs.
In my example below i use the incidentID of a user account lockout.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 |
#Variables for mail sending. $MailSubject = “INFORMATION: An account has been locked out.” $MailFrom = new-object System.Net.Mail.MailAddress("AccountLockout@domain.com", "AccountLockout | CUSTOMER") $MailTo = ”Alertsystem@domain.com” $SMTPServer= "smtp.yourserver.com" #Variables for log gathering $Logname = "Security" $InstanceID = "4740" #Gather events $Event = Get-EventLog -LogName $Logname -InstanceId $InstanceID -Newest 1 $MailBody = $Event.Message + “`r`n`t” + $Event.TimeGenerated #Send mail alert. Send-MailMessage -To $MailTo -From $MailFrom -Subject $MailSubject -Body $MailBody -SmtpServer $SMTPServer -Encoding UTF8 |
If you have any questions / feedback or would like to correct me on any of the stuff above, please use the comment section or contact me directly using the blue button in the bottom right corner.
HI! Can you please specify where I have to change it, which line, and what words 🙂 Thank you!