Get-AppLockerEventlog – Script For Fetching Applocker Event Log By Parsing The Win-Event Log

The result is saved to a CSV file: AppLocker-log.csv

The useful information you get from this script is:

This parameter specifies the type of events you are interested in; it accepts four values:

1. All

Gets all AppLocker events that are of interest for threat hunting, forensics or troubleshooting. This is the default value.

2. Block

Gets all events written when AppLocker blocks an application. This type is the most important one for threat hunting and forensics and should be treated with high priority: a block means something tried to run that the policy forbids, and a series of blocks is often the trace of an attacker probing for a way around the control before a successful bypass.

3. Allow

Gets all events written when AppLocker allows an application. For threat hunting and forensics the allowed executions should be monitored as well: an allowed run can itself be a bypass (a permitted binary used to load unapproved code) or can reveal an over-permissive rule or other policy misconfiguration.

4. Audit
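The four values above map directly onto AppLocker's event IDs. Below is an added PowerShell example that does what the post describes: it reads the AppLocker logs with Get-WinEvent, keeps only the event IDs for the requested type, flattens the XML payload and writes the rows to AppLocker-log.csv. It is not the Get-AppLockerEventlog script itself; the function name, parameter names and CSV column set are this example's own choices. The log names, event IDs and XML element names are those of the AppLocker event schema (8002/8005 allowed, 8003/8006 audit, 8004/8007 blocked; audit events are written when the policy is in audit-only mode for files that would have been blocked under enforcement).

```powershell
# Added example (not the Get-AppLockerEventlog project's own code): fetch AppLocker
# events, filter them by type, flatten the XML payload and export to AppLocker-log.csv.
# Event IDs from the AppLocker event schema:
#   8002 / 8005  allowed   (EXE and DLL / MSI and Script)
#   8003 / 8006  audit     (allowed because the policy is audit-only, would have been blocked)
#   8004 / 8007  blocked
# Function and parameter names below are this example's own assumptions.

function Get-AppLockerEvents {
    [CmdletBinding()]
    param(
        [ValidateSet('All', 'Block', 'Allow', 'Audit')]
        [string]$Type = 'All',

        # Only return events newer than this point in time.
        [datetime]$StartTime = (Get-Date).AddDays(-7),

        # Where the flattened events are written.
        [string]$OutFile = 'AppLocker-log.csv'
    )

    $idsByType = @{
        Allow = 8002, 8005
        Audit = 8003, 8006
        Block = 8004, 8007
    }
    $ids = if ($Type -eq 'All') {
        @($idsByType.Allow + $idsByType.Audit + $idsByType.Block)
    } else {
        $idsByType[$Type]
    }

    $logs = 'Microsoft-Windows-AppLocker/EXE and DLL',
            'Microsoft-Windows-AppLocker/MSI and Script'

    $events = foreach ($log in $logs) {
        # SilentlyContinue: Get-WinEvent throws "No events were found" when a log has no match.
        Get-WinEvent -FilterHashtable @{ LogName = $log; Id = $ids; StartTime = $StartTime } `
                     -ErrorAction SilentlyContinue
    }

    $rows = foreach ($e in $events) {
        # AppLocker puts its details under UserData/RuleAndFileData rather than EventData,
        # so parse the event XML instead of scraping the rendered Message text.
        $x = ([xml]$e.ToXml()).Event.UserData.RuleAndFileData

        $action = if ($e.Id -in $idsByType.Block) { 'Block' }
                  elseif ($e.Id -in $idsByType.Audit) { 'Audit' }
                  else { 'Allow' }

        [pscustomobject]@{
            TimeCreated   = $e.TimeCreated
            Computer      = $e.MachineName
            Log           = $e.LogName
            EventId       = $e.Id
            Action        = $action
            PolicyName    = $x.PolicyName       # EXE, DLL, MSI or SCRIPT
            RuleName      = $x.RuleName
            RuleId        = $x.RuleId
            TargetUser    = $x.TargetUser       # SID of the account that tried to run the file
            TargetProcess = $x.TargetProcessId
            FilePath      = $x.FilePath
            FileHash      = $x.FileHash
            Publisher     = $x.Fqbn             # fully qualified binary name, empty for unsigned files
        }
    }

    $rows | Sort-Object TimeCreated |
        Export-Csv -Path $OutFile -NoTypeInformation -Encoding UTF8
    $rows
}

# Usage: blocks from the last 30 days, written to AppLocker-log.csv and shown on screen.
# Get-AppLockerEvents -Type Block -StartTime (Get-Date).AddDays(-30) |
#     Format-Table TimeCreated, Action, FilePath, TargetUser
```

Reading the AppLocker channels requires an elevated session on most systems. The Packaged app logs (Microsoft-Windows-AppLocker/Packaged app-Execution and Packaged app-Deployment, event IDs 8020 and up) are left out here; add them to $logs and $idsByType if store apps are in scope.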

To better understand AppLocker:

This project welcomes contributions and suggestions.


