kristianbuch/XB-Win32LogTools

XB-Win32LogTools

A PowerShell module for analyzing and exporting Windows Event Logs, with a focus on Sysmon. It includes log timeline generation, scheduled exports, per-user process/file/network tracking, and Windows and Sysmon audit policy configuration.

✨ Features

  • Export logs as .evtx or .json
  • View process, file, and network activity by user
  • Build forensic timelines
  • Schedule automatic exports
  • Configure Windows and Sysmon auditing
  • PlatyPS-compatible help
  • Pester tests, PSDepend dependency management, and PSScriptAnalyzer linting

🛠 Requirements

  • Sysmon installed and configured (the module reads the Sysmon event log, so a host without Sysmon yields no process, file, or network events)
  • PowerShell 5.1+ or 7+
  • An elevated session for most operations: by default only administrators can read the Microsoft-Windows-Sysmon/Operational log, and changing audit policy always requires elevation

📦 Installation

# 1. Install dependencies automatically
Invoke-PSDepend .\dependencies.psd1 -Force

# 2. Import the module
Import-Module .\XB-Win32LogTools\XB-Win32LogTools.psd1 -Force

🔧 Build/Test

# Run code validation and tests
.\Build.ps1

🧪 Run specific tool

Export-XBWin32Log -AsJson
Get-XBWin32NetworkEvents -DaysBack 7 -Output Json
Get-XBWin32Timeline -IncludeUsers 'contoso\admin1'
Set-XBWin32AuditPolicyWizard
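The following is an added example and not code from XB-Win32LogTools. It shows the raw Windows and Sysmon queries that cmdlets like Get-XBWin32NetworkEvents, Get-XBWin32Timeline and Export-XBWin32Log wrap, so you can check what an export or a timeline actually contains. It assumes Sysmon is installed under its default log name (Microsoft-Windows-Sysmon/Operational) and that the session is elevated; the function names, the User filter semantics and the embedded sample event are this example's own assumptions, not the module's API.

```powershell
# Added example, not part of XB-Win32LogTools. Assumes the default Sysmon log name
# and an elevated session (the Sysmon log is readable only by administrators by default).
$SysmonLog = 'Microsoft-Windows-Sysmon/Operational'

# Sysmon event IDs covered here, with Sysmon's own names for them.
$SysmonEventNames = @{ 1 = 'ProcessCreate'; 3 = 'NetworkConnect'; 11 = 'FileCreate' }

function Test-SysmonPresent {
    # $true when the Sysmon log exists. A missing log means Sysmon is not installed
    # or was set up with a custom channel name.
    $null -ne (Get-WinEvent -ListLog $SysmonLog -ErrorAction SilentlyContinue)
}

function ConvertFrom-SysmonEventXml {
    param([Parameter(Mandatory)][string]$Xml)
    # Flattens <EventData><Data Name="...">value</Data> pairs into one object, so every
    # field Sysmon wrote (Image, User, TargetFilename, DestinationIp, ...) is a property.
    $e   = [xml]$Xml
    $sys = $e.Event.System
    # EventID is plain text in Sysmon records but carries attributes in some other logs.
    $id  = [int]$(if ($sys.EventID -is [string]) { $sys.EventID } else { $sys.EventID.'#text' })
    $rec = [ordered]@{
        TimeCreated = [datetime]$sys.TimeCreated.SystemTime
        EventId     = $id
        Type        = $SysmonEventNames[$id]
    }
    foreach ($d in $e.Event.EventData.Data) { $rec[$d.Name] = $d.'#text' }
    [pscustomobject]$rec
}

function Get-SysmonTimeline {
    param(
        [int]$DaysBack = 7,
        [string[]]$IncludeUsers,          # e.g. 'CONTOSO\admin1'; omit to keep all users
        [int[]]$EventId = @(1, 3, 11)
    )
    $filter = @{ LogName = $SysmonLog; Id = $EventId; StartTime = (Get-Date).AddDays(-$DaysBack) }
    Get-WinEvent -FilterHashtable $filter -ErrorAction Stop |
        ForEach-Object { ConvertFrom-SysmonEventXml $_.ToXml() } |
        # -contains is case-insensitive. Records without a User field (older Sysmon
        # versions omit it from some event types) are dropped when a user filter is set.
        Where-Object { -not $IncludeUsers -or $IncludeUsers -contains $_.User } |
        Sort-Object TimeCreated
}

function Export-SysmonEvents {
    param(
        [Parameter(Mandatory)][string]$Path,   # extension picks the format: .evtx or .json
        [int]$DaysBack = 7,
        [int[]]$EventId = @(1, 3, 11)
    )
    if ([IO.Path]::GetExtension($Path) -eq '.evtx') {
        # wevtutil keeps the original records intact, which matters for evidence handling.
        # The XPath query limits the export to the wanted IDs and time window (milliseconds).
        $ms  = [int64]$DaysBack * 24 * 60 * 60 * 1000
        $ids = ($EventId | ForEach-Object { "EventID=$_" }) -join ' or '
        $q   = "*[System[($ids) and TimeCreated[timediff(@SystemTime) <= $ms]]]"
        & wevtutil.exe epl $SysmonLog $Path "/q:$q" /ow:true
    } else {
        Get-SysmonTimeline -DaysBack $DaysBack -EventId $EventId |
            ConvertTo-Json -Depth 4 | Set-Content -Path $Path -Encoding UTF8
    }
}

# Constructed sample record (not captured from a real host) so the parser can be
# exercised on a machine without Sysmon.
$SampleNetworkConnect = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Sysmon" />
    <EventID>3</EventID>
    <TimeCreated SystemTime="2025-01-15T10:22:31.123Z" />
    <Computer>ws01.contoso.local</Computer>
  </System>
  <EventData>
    <Data Name="Image">C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe</Data>
    <Data Name="User">CONTOSO\admin1</Data>
    <Data Name="Protocol">tcp</Data>
    <Data Name="DestinationIp">203.0.113.10</Data>
    <Data Name="DestinationPort">443</Data>
  </EventData>
</Event>
'@
ConvertFrom-SysmonEventXml $SampleNetworkConnect | Format-List

if (Test-SysmonPresent) {
    Get-SysmonTimeline -DaysBack 7 -IncludeUsers 'CONTOSO\admin1' |
        Format-Table TimeCreated, Type, User, Image, TargetFilename, DestinationIp -AutoSize
    Export-SysmonEvents -Path "$env:TEMP\sysmon-7d.evtx" -DaysBack 7
}
```

Prefer the .evtx path when the export may become evidence: it preserves the original records, whereas the JSON path is a re-serialisation of parsed fields. If Get-WinEvent reports access denied, the session is not elevated; that is the same failure the module's cmdlets will hit.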

📚 Help

Get-Help Export-XBWin32Log -Full

👤 Author

Kristian Holm Buch
GitHub
LinkedIn

© 2025 NexaBlue — Licensed under CC BY-NC-ND 4.0

About

PowerShell module with Win32 logging tools
