User login activity

Options
TonicXsonic
TonicXsonic Member Posts: 2
edited December 2023 in Remote Monitoring

Hi, I would like to know if there is a way to create an alert when there is a user to log in from the managed device. So far i dont see any option in the threshold setting for this.

Tagged:

Comments

  • tanderson
    tanderson Member Posts: 208 ✭✭✭✭
    Options

    @TonicXsonic

    $Event = Get-WinEvent -LogName 'Security' -MaxEvents 1 -FilterXPath "*[System[EventID=4624]]"
    $EventXML = [xml]$Event.ToXml()
    $Username = ($EventXML.Event.EventData.Data | Where-Object {$_.Name -eq 'TargetUserName'} | Select-Object -Property '#text')."#text"

    if ($Username -ne 'ANONYMOUS LOGON') {
    Send-MailMessage -To "your_email@example.com" -From "alert@example.com" -Subject "New User Login" -Body "User $Username has just logged in." -SmtpServer "smtp.example.com"
    }

    Task Scheduler Method with Event Trigger

    1. Open Task Scheduler and create a new task.
    2. Set the Trigger to "On an event" and configure it to monitor the Security log for Event ID 4624.
    3. Set the Action to "Send an email" and fill in the necessary email information.
    4. Finish the setup to activate the task.

    Note: Starting with Windows Server 2012 and Windows 8, sending email via Task Scheduler is deprecated, so you may want to have the task run a PowerShell script to send the email, like in the PowerShell method above.

  • nina
    nina Administrator Posts: 428 admin
    Options

    Thanks @tanderson !!!