Created
November 2, 2016 11:27
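# Fired when an SMSSec event 2000 (authentication failure) occurs.
# Reads the most recent such event, parses its "Key: Value" detail lines and
# e-mails an HTML alert. The Login, End-user IP and Reason fields come from the
# failed login attempt itself, so they are handled as untrusted text below.

# Parameters splatted onto Send-MailMessage; Subject and Body are filled in later.
# NOTE(review): neither UseSsl nor Credential is set, so the alert (usernames,
# client IPs) goes to the relay unencrypted and unauthenticated - confirm the
# relay is internal, or enable TLS.
$SmtpDetails = @{
    "SmtpServer" = "smtp.margiestravel.com"
    "To"         = "[email protected]"   # address is redacted in this listing
    "Subject"    = ""
    "Body"       = ""
    "From"       = "[email protected]"   # address is redacted in this listing
    "BodyAsHtml" = $true
    "Priority"   = "High"
}

# Get the latest 2000 event from the SMSSec log.
# NOTE(review): if several failures are logged close together, the newest event
# may not be the one that triggered this run - verify against the trigger setup.
$FailureEvent = Get-EventLog -LogName "SMSSec" -Newest 1 -InstanceId 2000
if (-not $FailureEvent) {
    # Nothing to report; do not send an alert with empty fields.
    Write-Warning "No SMSSec event 2000 found; no alert sent."
    return
}

# Tear the details of the event apart into a hashtable we can work with.
$EventDetails = @{}
$DetailLines = ($FailureEvent.ReplacementStrings -join "`n") -split "`r?`n"
foreach ($Line in $DetailLines) {
    # Split on the first colon only, so values that contain ':' themselves
    # (IPv6 addresses, timestamps) are kept whole instead of being truncated.
    $Pair = $Line -split ":", 2
    if ($Pair.Count -lt 2) { continue }   # not a "Key: Value" line

    $Key = $Pair[0].Trim()
    # First occurrence of a key wins, so a later duplicate line cannot
    # overwrite a field that was already parsed.
    if ($Key -and -not $EventDetails.ContainsKey($Key)) {
        $EventDetails[$Key] = $Pair[1].Trim()
    }
}

# HTML-encode every event-derived field before it goes into the HTML body,
# so markup typed into the username field is shown as text in the alert
# rather than rendered by the mail client.
$Safe = @{}
foreach ($Field in "Login", "End-user IP", "Reason", "Session ID") {
    $Safe[$Field] = [System.Net.WebUtility]::HtmlEncode([string]$EventDetails[$Field])
}

# The subject is a mail header, not HTML: replace control characters instead
# of encoding, so a stray CR/LF cannot break the header or make the send fail.
$SubjectLogin = ([string]$EventDetails.Login) -replace "[\x00-\x1F\x7F]", " "
$SmtpDetails.Subject = "'$SubjectLogin': SMS PASSCODE Login Failure! "

$SmtpDetails.Body = @"
<strong>SMS PASSCODE Authentication Failure!</strong><br /><br />
Timestamp: $($FailureEvent.TimeGenerated)<br />
Username: $($Safe.Login)<br />
End-User IP: $($Safe.'End-user IP')<br />
Reason: $($Safe.Reason)<br /><br />
Session ID: $($Safe.'Session ID')<br />
"@

Send-MailMessage @SmtpDetails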