KK
У Максима вот в почту падают
Size: a a a
2019 August 26
YG
Kirill KK
Или любой лог коллектор / парсер
интересует более конкртеный варик)
YG
почта не вариант
KK
интересует более конкртеный варик)
Четыре буквы выше видел?
YG
мне в почту в сутки столько сыпется, что можно застрелиться
KK
Расшифровка нужна?
YG
онж платный
KK
мне в почту в сутки столько сыпется, что можно застрелиться
Сортировка почты - бесплатно
YG
да и MS как-то юзать…
KK
онж платный
При SA - нет
KK
да и MS как-то юзать…
Так никто же не напрягает МС юзать
M
Кста централизовано логи + алерты от AppLocker как реализовано?
#Fetches Latest SRP event from EventVwr
$Event = Get-EventLog -LogName 'Application' -InstanceId 865,868 -Newest 1
#Send mail function
Function send_mail([string]$message,[string]$subject) {
$emailFrom = ""
$emailTo = ""
$smtpServer = ""
Send-MailMessage -SmtpServer $smtpServer -To $emailTo -From $emailFrom -Subject $subject -Body $message -BodyAsHtml -Priority High
}
#Fetches File Path from the end of string
$message = $event.Message
$length = ($message.Length - 305)
$path = $message.Substring(305, $length)
$path
#Bundles into Msg and send Email
$message = "An application has been blocked from running by Software Restriction Policies on "+ $env:COMPUTERNAME+ " for user " + $event.username + ". <br><br>Further information can be found in the Application Event Log. <br><br>" + $path
$subject = "Software Blocked by SRP " + $env:COMPUTERNAME
send_mail $message $subject
$Event = Get-EventLog -LogName 'Application' -InstanceId 865,868 -Newest 1
#Send mail function
Function send_mail([string]$message,[string]$subject) {
$emailFrom = ""
$emailTo = ""
$smtpServer = ""
Send-MailMessage -SmtpServer $smtpServer -To $emailTo -From $emailFrom -Subject $subject -Body $message -BodyAsHtml -Priority High
}
#Fetches File Path from the end of string
$message = $event.Message
$length = ($message.Length - 305)
$path = $message.Substring(305, $length)
$path
#Bundles into Msg and send Email
$message = "An application has been blocked from running by Software Restriction Policies on "+ $env:COMPUTERNAME+ " for user " + $event.username + ". <br><br>Further information can be found in the Application Event Log. <br><br>" + $path
$subject = "Software Blocked by SRP " + $env:COMPUTERNAME
send_mail $message $subject
YG
Kirill KK
Так никто же не напрягает МС юзать
Вот поэтому про “другие варики” интересна конкретика
YG
SCOM уже не тот варик) так как про него написал уже)
YG
Maxim
#Fetches Latest SRP event from EventVwr
$Event = Get-EventLog -LogName 'Application' -InstanceId 865,868 -Newest 1
#Send mail function
Function send_mail([string]$message,[string]$subject) {
$emailFrom = ""
$emailTo = ""
$smtpServer = ""
Send-MailMessage -SmtpServer $smtpServer -To $emailTo -From $emailFrom -Subject $subject -Body $message -BodyAsHtml -Priority High
}
#Fetches File Path from the end of string
$message = $event.Message
$length = ($message.Length - 305)
$path = $message.Substring(305, $length)
$path
#Bundles into Msg and send Email
$message = "An application has been blocked from running by Software Restriction Policies on "+ $env:COMPUTERNAME+ " for user " + $event.username + ". <br><br>Further information can be found in the Application Event Log. <br><br>" + $path
$subject = "Software Blocked by SRP " + $env:COMPUTERNAME
send_mail $message $subject
$Event = Get-EventLog -LogName 'Application' -InstanceId 865,868 -Newest 1
#Send mail function
Function send_mail([string]$message,[string]$subject) {
$emailFrom = ""
$emailTo = ""
$smtpServer = ""
Send-MailMessage -SmtpServer $smtpServer -To $emailTo -From $emailFrom -Subject $subject -Body $message -BodyAsHtml -Priority High
}
#Fetches File Path from the end of string
$message = $event.Message
$length = ($message.Length - 305)
$path = $message.Substring(305, $length)
$path
#Bundles into Msg and send Email
$message = "An application has been blocked from running by Software Restriction Policies on "+ $env:COMPUTERNAME+ " for user " + $event.username + ". <br><br>Further information can be found in the Application Event Log. <br><br>" + $path
$subject = "Software Blocked by SRP " + $env:COMPUTERNAME
send_mail $message $subject
в копилку. Спасибо
YG
Maxim
#Fetches Latest SRP event from EventVwr
$Event = Get-EventLog -LogName 'Application' -InstanceId 865,868 -Newest 1
#Send mail function
Function send_mail([string]$message,[string]$subject) {
$emailFrom = ""
$emailTo = ""
$smtpServer = ""
Send-MailMessage -SmtpServer $smtpServer -To $emailTo -From $emailFrom -Subject $subject -Body $message -BodyAsHtml -Priority High
}
#Fetches File Path from the end of string
$message = $event.Message
$length = ($message.Length - 305)
$path = $message.Substring(305, $length)
$path
#Bundles into Msg and send Email
$message = "An application has been blocked from running by Software Restriction Policies on "+ $env:COMPUTERNAME+ " for user " + $event.username + ". <br><br>Further information can be found in the Application Event Log. <br><br>" + $path
$subject = "Software Blocked by SRP " + $env:COMPUTERNAME
send_mail $message $subject
$Event = Get-EventLog -LogName 'Application' -InstanceId 865,868 -Newest 1
#Send mail function
Function send_mail([string]$message,[string]$subject) {
$emailFrom = ""
$emailTo = ""
$smtpServer = ""
Send-MailMessage -SmtpServer $smtpServer -To $emailTo -From $emailFrom -Subject $subject -Body $message -BodyAsHtml -Priority High
}
#Fetches File Path from the end of string
$message = $event.Message
$length = ($message.Length - 305)
$path = $message.Substring(305, $length)
$path
#Bundles into Msg and send Email
$message = "An application has been blocked from running by Software Restriction Policies on "+ $env:COMPUTERNAME+ " for user " + $event.username + ". <br><br>Further information can be found in the Application Event Log. <br><br>" + $path
$subject = "Software Blocked by SRP " + $env:COMPUTERNAME
send_mail $message $subject
+
M
Yevgeniy Goncharov увеличил репутацию Maxim(2)
KK
в копилку. Спасибо
Только что же сказал, что в почту не варик
YG
для малых организации норм же…
YG
я не только о себе думаю же