Get-CimInstance Win32_Account can be very slow, so start by delaying it until Get-WDACApplockerScriptMsiEvent or Get-WDACCodeIntegrityEvent is used rather than doing it at module import.
I then switched to only looking up SIDs as they were found in the logs rather than looking up all domain accounts to save time, since generally only a relatively small number of accounts appear in the logs.
Get-CimInstance Win32_Accountcan be very slow, so start by delaying it untilGet-WDACApplockerScriptMsiEventorGet-WDACCodeIntegrityEventis used rather than doing it at module import. I then switched to only looking up SIDs as they were found in the logs rather than looking up all domain accounts to save time, since generally only a relatively small number of accounts appear in the logs.