So I needed an easy way of getting things from the Event Viewer, so I wrote a small cmdlet to help me. It allows you to pipe in entries returned by Get-WinEvent and returns PowerShell objects.

This allows you to do more advanced PowerShell filtering than is normally allowed. Because it is still a scripted solution, I suggest doing basic filtering before sending the events to the cmdlet.

The following command will get the last two events and transform them into PowerShell objects.

 

Get-WinEvent -LogName Security -MaxEvents 2 | ConvertFrom-VirotEvent
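
The filter-first, convert-afterwards pattern suggested above, as an added example that is not the author's code. `ConvertFrom-EventXml` is a hypothetical stand-in that shows one common way to do such a conversion (parsing the event's XML); the sample event is constructed, and the properties returned by the real cmdlet may differ.

```powershell
# Hypothetical stand-in for the conversion step (not ConvertFrom-VirotEvent itself):
# flattens an event's XML into one object with a property per EventData field.
function ConvertFrom-EventXml {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [string]$Xml
    )
    process {
        $evt = ([xml]$Xml).Event
        # EventID is a plain string unless it carries attributes (e.g. Qualifiers).
        $id = $evt.System.EventID
        if ($id -isnot [string]) { $id = $id.'#text' }
        $props = [ordered]@{
            TimeCreated = $evt.System.TimeCreated.SystemTime
            Id          = [int]$id
            Computer    = $evt.System.Computer
        }
        # Each <Data Name="..."> element becomes a property of the same name.
        foreach ($d in $evt.EventData.Data) {
            if ($d.Name) { $props[$d.Name] = $d.'#text' }
        }
        [pscustomobject]$props
    }
}

# Constructed sample event (not real log data), trimmed to the fields used here.
$sample = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <EventID>4624</EventID>
    <TimeCreated SystemTime="2024-01-01T10:00:00.0000000Z" />
    <Computer>HOST01.example.test</Computer>
  </System>
  <EventData>
    <Data Name="TargetUserName">alice</Data>
    <Data Name="LogonType">10</Data>
    <Data Name="IpAddress">192.0.2.10</Data>
  </EventData>
</Event>
'@

# Once converted, event fields are ordinary properties for Where-Object / Select-Object.
$sample | ConvertFrom-EventXml |
    Where-Object { $_.LogonType -eq '10' } |
    Select-Object TimeCreated, TargetUserName, IpAddress

# Against a live log (elevated session): filter inside Get-WinEvent first, then convert.
# Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4624; StartTime = (Get-Date).AddHours(-1) } |
#     ForEach-Object { $_.ToXml() } | ConvertFrom-EventXml
```

Filtering by log, event ID and time in `-FilterHashtable` is done by the event log service, so only matching events reach the slower scripted conversion.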