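# Query window: the hour that ends now. The clock is read once so both bounds
# derive from the same instant and the window is exactly one hour long.
# NOTE(review): this script was described as covering the last day, but
# AddHours(-1) selects one hour - confirm which window is intended.
$endTime = Get-Date
$startTime = $endTime.AddHours(-1)

# Filter for Get-WinEvent: event ID 4624 (successful logon) from the Security
# log, restricted to the window above.
$filterHashTable = @{
    LogName   = 'Security'
    Id        = 4624
    StartTime = $startTime
    EndTime   = $endTime
}

# Fetch the matching events. Reading the Security log requires an elevated
# session or equivalent event-log read rights.
$events = Get-WinEvent -FilterHashtable $filterHashTable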
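# Most recent qualifying logon per user, keyed by TargetUserName.
$userLogins = @{}

# Raw DateTime of the record currently held in $userLogins for each user.
# The stored records only carry a formatted 'lastaccess' string, so the
# "is this event newer?" test needs the original timestamp kept separately;
# comparing against a property the record does not have always succeeds and
# lets whichever event is processed last win.
$latestSeen = @{}

# IPv4 address of the local 'Ethernet' interface, looked up once because it
# does not depend on the event being processed.
# NOTE(review): this is the address of the machine running the script, not
# the client the logon came from. The 4624 event data has its own 'IpAddress'
# field for the source address - confirm which one the report should carry.
$ipaddress = Get-NetIPAddress -AddressFamily IPv4 -InterfaceAlias Ethernet | Select-Object -ExpandProperty IPAddress

# $evt rather than $event: $event is a PowerShell automatic variable.
foreach ($evt in $events) {
    $eventDetails = [xml]$evt.ToXml()
    $eventData = $eventDetails.Event.EventData.Data

    # Pull the fields of interest out of the event's named data items
    $timeCreated = $evt.TimeCreated
    $username = $eventData | Where-Object { $_.Name -eq 'TargetUserName' } | Select-Object -ExpandProperty '#text'
    $logonType = $eventData | Where-Object { $_.Name -eq 'LogonType' } | Select-Object -ExpandProperty '#text'

    # Keep only logon type 10 (RemoteInteractive, i.e. RDP) and skip the
    # DWM-* / UMFD-* system accounts. An event without a user name is skipped
    # as well, since it cannot be used as a hashtable key.
    if (-not $username -or $logonType -ne "10" -or $username -like "DWM*" -or $username -like "*UMFD*") {
        continue
    }

    # Store the event only if it is newer than what is already held for the user
    if (-not $latestSeen.ContainsKey($username) -or $latestSeen[$username] -lt $timeCreated) {
        $latestSeen[$username] = $timeCreated
        $userLogins[$username] = [PSCustomObject]@{
            lastaccess = $timeCreated.ToString("yyyy-MM-dd HH:mm:ss")
            username   = $username
            ipaddress  = $ipaddress
            LogonType  = $logonType
        }
    }
}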
# Build the report path; the file name carries the current date, hour and minute.
$dateString = (Get-Date).ToString("yyyyMMdd_HH-mm")
$jsonPath = "C:\Scripte\LastLogins_$dateString.json"

# Flatten the per-user table into the list of stored login records
$userLoginsArray = foreach ($entry in $userLogins.GetEnumerator()) {
    $entry.Value
}

# Serialise the records and write them to the report file as UTF-8.
# The file holds user names and logon times, so the target directory should
# be readable only by the accounts that need the report.
$userLoginsArray | ConvertTo-Json | Set-Content -Path $jsonPath -Encoding UTF8

Write-Output "JSON file created at $jsonPath"
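# API endpoint URL.
# NOTE(review): this is plain http, so the access token and every login
# record cross the network unencrypted. Use an https endpoint if the service
# offers one - confirm with the API owner.
$apiUrl = "http://api.stines.de:8001/report"

# The access token is taken from the environment instead of being embedded in
# the script, where anyone able to read the file or its history could copy it.
# LOGIN_REPORT_API_TOKEN is the variable name chosen here; set it for the
# account that runs this script. A token that was ever committed in clear
# text should be treated as exposed and rotated.
$accessToken = $env:LOGIN_REPORT_API_TOKEN
if ([string]::IsNullOrEmpty($accessToken)) {
    throw "LOGIN_REPORT_API_TOKEN is not set; cannot authenticate to $apiUrl"
}

$headers = @{
    "Content-Type" = "application/json"
    "access_token" = $accessToken
}

# Send each collected login record to the API as its own JSON document
foreach ($userLogin in $userLoginsArray) {
    # Only these three fields are reported; LogonType stays in the local file
    $userLoginObject = $userLogin | Select-Object username, lastaccess, ipaddress

    # Serialise and encode explicitly as UTF-8 so non-ASCII user names survive
    $jsonPayload = $userLoginObject | ConvertTo-Json -Depth 3
    $utf8JsonPayload = [System.Text.Encoding]::UTF8.GetBytes($jsonPayload)

    # A failed request is reported and the loop moves on to the next record
    try {
        $response = Invoke-RestMethod -Uri $apiUrl -Method Post -Body $utf8JsonPayload -ContentType 'application/json' -Headers $headers
        Write-Output "Sent login data for user $($userLoginObject.Username) to the API. Response: $response"
    } catch {
        Write-Error "Failed to send login data for user $($userLoginObject.Username). Error: $_"
    }
}

Write-Output "Finished sending login data to the API"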