Microsoft Windows 'Get-WinEvent' retrieves events from any of the event logs, e.g. on the domain controller

Using PowerShell to identify a brute force attack: the logs on the domain controller may be monitored for multiple failure instances to identify a brute force attack. A domain controller logs a failed Kerberos ticket request with event ID 4771. One way to investigate a potential brute force attack is to run the command below on a domain controller to list all failed logins within the last hour:

Get-WinEvent -FilterHashtable @{LogName='Security';Id=4771;StartTime=(Get-Date).AddHours(-1);EndTime=(Get-Date)}
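The one-liner returns every 4771 event; to tell a brute force attempt apart from ordinary typos, the events need to be counted per account and source address. The script below is an added example, not part of the original post: it runs the same query, reads the named fields out of each event's XML, and reports any account/source pair with more bad-password failures (Status 0x18) than a threshold. The one-hour window and the threshold of 10 are assumptions to tune for the environment.

```powershell
# Added example: summarise Event ID 4771 (Kerberos pre-authentication failed)
# per account and source IP over the last hour. Run on a domain controller.
param(
    [int]$Hours = 1,        # assumed lookback window
    [int]$Threshold = 10    # assumed failure count that is worth a look
)

$filter = @{
    LogName   = 'Security'
    Id        = 4771
    StartTime = (Get-Date).AddHours(-$Hours)
    EndTime   = (Get-Date)
}

# SilentlyContinue so "no events found" is not treated as a terminating error
$events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue

$rows = foreach ($e in $events) {
    # Read the named EventData fields from the XML instead of parsing Message text
    $xml  = [xml]$e.ToXml()
    $data = @{}
    foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }

    [pscustomobject]@{
        Time    = $e.TimeCreated
        Account = $data['TargetUserName']
        Source  = ($data['IpAddress'] -replace '^::ffff:', '')  # drop IPv4-mapped prefix
        Status  = $data['Status']   # 0x18 = KDC_ERR_PREAUTH_FAILED (wrong password)
    }
}

# Only wrong-password failures count toward a password-guessing pattern;
# other status codes (expired account, clock skew, ...) are noise here
$rows | Where-Object { $_.Status -eq '0x18' } |
    Group-Object Account, Source |
    Where-Object { $_.Count -ge $Threshold } |
    ForEach-Object {
        [pscustomobject]@{
            Account  = $_.Group[0].Account
            Source   = $_.Group[0].Source
            Failures = $_.Count
            First    = ($_.Group | Measure-Object Time -Minimum).Minimum
            Last     = ($_.Group | Measure-Object Time -Maximum).Maximum
        }
    } | Sort-Object Failures -Descending | Format-Table -AutoSize
```

Many distinct accounts from one source in the same window is the password-spraying shape; drop `Account` from `Group-Object` to surface that case as well.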
