Invoke-IR/WmiEvent

WmiEvent

Developed by @jaredcatkinson, @mattifestation

Overview

An Event Filter (__EventFilter) is a WMI Query Language (WQL) query that specifies the type of object to look for (for more details on WQL, please check out Ravikanth Chaganti's free ebook). Event Consumers (__EventConsumer) are the action component of the Event Subscription: they tell the subscription what to do with an object that makes it past the filter. There are five default event consumers in Windows: ActiveScriptEventConsumer (runs arbitrary VBScript or JScript code), CommandLineEventConsumer (executes an arbitrary command), LogFileEventConsumer (writes to a specified flat log file), NtEventLogEventConsumer (creates a new event log), and SMTPEventConsumer (sends an email). Lastly, the Binding (__FilterToConsumerBinding) pairs a Filter with a Consumer.
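To make the filter/consumer/binding relationship concrete, the following added example (not code from the WmiEvent module) audits a host by resolving each binding to its filter query and consumer action. It uses only the built-in `Get-CimInstance` cmdlet; the function name `Get-WmiSubscriptionAudit`, its parameters, and the default `root/subscription` namespace are assumptions made for this illustration.

```powershell
# Added example: built-in CIM cmdlets only, not the WmiEvent module's own functions.
# Get-WmiSubscriptionAudit is a hypothetical name chosen for this illustration.
function Get-WmiSubscriptionAudit {
    [CmdletBinding()]
    param(
        [string]$ComputerName,                      # optional remote host (assumption)
        [string]$Namespace = 'root/subscription'    # namespace to inspect (assumption)
    )
    $common = @{ Namespace = $Namespace; ErrorAction = 'Stop' }
    if ($ComputerName) { $common.ComputerName = $ComputerName }

    # Index filters by Name so each binding can be resolved to its WQL query.
    $filters = @{}
    foreach ($f in Get-CimInstance @common -ClassName __EventFilter) {
        $filters["$($f.Name)"] = $f
    }
    # Consumers are keyed by class and Name, because a Name is only unique
    # within one consumer class. Querying __EventConsumer returns all subclasses.
    $consumers = @{}
    foreach ($c in Get-CimInstance @common -ClassName __EventConsumer) {
        $consumers["$($c.CimSystemProperties.ClassName)|$($c.Name)"] = $c
    }
    # Each binding holds references (key properties only) to one filter and one consumer.
    foreach ($b in Get-CimInstance @common -ClassName __FilterToConsumerBinding) {
        $class    = $b.Consumer.CimSystemProperties.ClassName
        $filter   = $filters["$($b.Filter.Name)"]
        $consumer = $consumers["$class|$($b.Consumer.Name)"]
        # Pull the property that describes what the consumer does when it fires.
        $action = switch ($class) {
            'CommandLineEventConsumer'  { $consumer.CommandLineTemplate }
            'ActiveScriptEventConsumer' {
                if ($consumer.ScriptFileName) { $consumer.ScriptFileName }
                else { $consumer.ScriptText }
            }
            'LogFileEventConsumer'      { $consumer.Filename }
            default                     { $null }
        }
        [pscustomobject]@{
            FilterName     = $b.Filter.Name
            Query          = $filter.Query
            EventNamespace = $filter.EventNamespace
            ConsumerClass  = $class
            ConsumerName   = $b.Consumer.Name
            Action         = $action
            # The two consumer types that run a script or a command.
            ExecutesCode   = $class -in 'CommandLineEventConsumer', 'ActiveScriptEventConsumer'
            Dangling       = (-not $filter) -or (-not $consumer)
        }
    }
}
# Review the code-executing subscriptions first.
Get-WmiSubscriptionAudit | Sort-Object ExecutesCode -Descending | Format-List
```

A row with `Dangling` set to true is a binding whose filter or consumer was not found in the queried namespace, which is worth investigating as a leftover from an incomplete install or cleanup.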

Cmdlets

Get-ActiveScriptEventConsumer
Get-CommandLineEventConsumer
Get-LogFileEventConsumer
Get-NtEventLogEventConsumer
Get-SmtpEventLogEventConsumer
Get-WmiEventConsumer
Get-WmiEventFilter
Get-WmiEventSubscription
New-ActiveScriptEventConsumer
New-CommandLineEventConsumer
New-LogFileEventConsumer
New-NtEventLogEventConsumer
New-SmtpEventConsumer
New-WmiEventConsumer
New-WmiEventFilter
New-WmiEventSubscription
New-CimSessionDcom
Register-PermanentWmiEvent

About

A PowerShell module to abstract the complexities of Permanent WMI Event Subscriptions
