


Book reference: Windows PowerShell Step by Step 3rd Edition - Ed Wilson


Chapter 18


10. What does setting the –Step parameter in the Set-PSDebug cmdlet achieve?


Extracted text (screenshot of Administrator: Windows PowerShell ISE; open tabs: Untitled24.ps1, getdata-sysmon-2.ps1, getdata-sysmon-3-08112020.ps1, Untitled22.ps1). Lines cut off at the window edge are left as they appear.

Script pane:

    Set-PSDebug -Trace 1 -step
    # constant for time-range to count events from current time
    $t = 600
    # define the time-range
    $time = (Get-Date).AddSeconds(-$t)
    # get data from event viewer - sysmon-logs and filter events 11, 23
    $event = Get-WinEvent -FilterHashTable @{ LogName = "Microsoft-Windows-Sysmon/Operational"; StartTime = $time; ID
    #filter event data to capture processid and count
    return $event | Select-Object -Expand Message | ConvertFrom-String | Group-Object p11 | Sort-Object -Property count
    #$s = $event | Select-Object -Expand Message | ConvertFrom-String | Group-Object p9,p11,p2 | Sort-Object -Property co
    #Write-Host $s
    # $event | Select-Object -Expand Message | ConvertFrom-String
    #$event | Select-Object -Expand Message | ConvertFrom-String
    #$event | Select-Object -Expand Message | % {$_.replace("{","
    #$event | Select-Object -Expand Message | gm
    #Get-Process | Where-Object { $_.MainWindowTitle } | Add-Memb
    #$event | Select-Object -Expand Message | ConvertFrom-String | Sort-Object -Unique
    #$event | Select-Object *
    # $event | Select-Object -Last 5 | Select-Object -Expand Message | ConvertFrom-String | Select-Object -Property p1,p2,
    #constant for count of monitored events

Other fragments visible in the script pane: "ject -Property count -Descen", "-Name ProcessId -Value valu"

Dialog: "Continue with this operation?" with buttons Yes, Yes to All, No, No to All, Suspend

Console pane:

    PS C:\WINDOWS\system32> c:\Users\Luxma\Documents\getdata-sysmon-3-08112020.ps1
    DEBUG:    1+  >>>> Set-PSDebug -Trace 1 -step
    DEBUG:    4+  >>>> $t = 600
Jun 08, 2022