Aşağıdaki PowerShell ile Brute Force edilen serverdaki deneme yapılan kullanıcıları alabilirsiniz.
Set-ExecutionPolicy RemoteSigned
$Outfile = “C:\Logs\brute_Force.txt”
$today = get-date -DisplayHint date -UFormat %Y-%m-%d
Get-WinEvent -FilterHashTable @{LogName=”Security”;id=4625} | Foreach {
$event = [xml]$_.ToXml()
if($event)
{
$Time = Get-Date $_.TimeCreated -UFormat “%Y-%m-%d %H:%M:%S”$User = $event.Event.EventData.Data[1].”#text”
$xxxx = $event.Event.EventData.Data[5].”#text”
$strLog = $Computer + “Tarih=” + $Time + “Denenen Kullanıcı=” + $xxxx
$strLog | out-file $Outfile –append
}
}