nexxai / CryptoBlocker

A script to deploy File Server Resource Manager and associated scripts to block infected users
GNU General Public License v2.0
200 stars 73 forks

Performance issues with get-eventlog #63

Open alie2n opened 5 years ago

alie2n commented 5 years ago

Today I had the problem that one of my servers running this script went out of memory. While diagnosing this problem I noticed that some PowerShell commands were eating a lot of memory. Further diagnostics led to the Get-EventLog command that was used by the deny script.

I then went to Google and optimized the command to run in a fraction of a second. Here is what my deny script now uses to get the event log:

```powershell
# Define a new timespan for the Get-Date cmdlet
$ts = New-TimeSpan -Minutes 5

# Create a date-time object for later use
$EventDate = (Get-Date) - $ts

# Looks in the event log for the custom event message generated by the file screen audit.
# Inputs the username of the offender into a variable.
$RansomwareEvents = Get-WinEvent -FilterHashtable @{LogName = "Application"; ID = 8215; StartTime = $EventDate} -MaxEvents 10
```

This way only the necessary parts of the event log are loaded and the script executes much faster. I tried this on Windows Server 2012.
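The following is an added example, not code from the CryptoBlocker repository or from the comment above. It wraps the Get-WinEvent -FilterHashtable lookup in a function a deny script could call, handles the "no events found" case that Get-WinEvent reports as an error, and shows a side-by-side timing against a Get-EventLog query so the difference can be measured on a real server. The event ID 8215 and the Application log come from the comment above; the function names and the regex used to pull the user name out of the event message are assumptions about the audit-notification template and will need to match whatever template the file screen actually writes.

```powershell
# Added example (not CryptoBlocker's own deny script). Assumed names:
# Get-RecentRansomwareEvents, Get-OffendingUsers, and the $Pattern regex.

function Get-RecentRansomwareEvents {
    param(
        [int]$Minutes     = 5,
        [int]$MaxEvents   = 10,
        [string]$LogName  = 'Application',
        [int]$EventId     = 8215   # FSRM file-screen audit event, per the issue
    )

    $since = (Get-Date).AddMinutes(-$Minutes)

    # -FilterHashtable is turned into an XPath query that the Event Log service
    # evaluates itself, so only matching records are handed to PowerShell.
    # Get-EventLog instead enumerates the whole log into the process and then
    # filters, which is what blows up memory on a busy Application log.
    $filter = @{
        LogName   = $LogName
        ID        = $EventId      # pass an integer, not the string "8215"
        StartTime = $since
    }

    # When nothing matches, Get-WinEvent emits a "No events were found" error.
    # For a scheduled deny script that is the normal case, so suppress it and
    # return an empty array rather than letting the error surface.
    $events = @(Get-WinEvent -FilterHashtable $filter -MaxEvents $MaxEvents `
                            -ErrorAction SilentlyContinue)
    return $events
}

function Get-OffendingUsers {
    param(
        [object[]]$Events,
        # ASSUMPTION: the audit template writes a line like "User: DOMAIN\name".
        # Adjust this pattern to the notification text your file screen emits.
        [string]$Pattern = 'User:\s+(?<user>[^\r\n]+)'
    )

    $users = foreach ($e in $Events) {
        if ($e.Message -match $Pattern) { $Matches['user'].Trim() }
    }
    return @($users | Sort-Object -Unique)
}

# Typical use from a deny script: look back over the last run interval and
# collect the distinct accounts that tripped the file screen.
$offenders = Get-OffendingUsers -Events (Get-RecentRansomwareEvents -Minutes 5)
$offenders | ForEach-Object { "Would block: $_" }

# Optional, run interactively: time the two query styles on the same log.
$slow = Measure-Command {
    Get-EventLog -LogName Application -After (Get-Date).AddMinutes(-5) |
        Where-Object { $_.EventID -eq 8215 } |
        Select-Object -First 10
}
$fast = Measure-Command { Get-RecentRansomwareEvents -Minutes 5 }
'Get-EventLog: {0:n0} ms   Get-WinEvent: {1:n0} ms' -f `
    $slow.TotalMilliseconds, $fast.TotalMilliseconds
```

Two things worth checking before dropping this into a scheduled script: -MaxEvents returns the newest records first, so if more than ten file-screen events land inside one window (a mass infection across several shares, for example) the older offenders in that window are silently dropped, and the lookback window should be at least as long as the interval at which the deny script runs so that no event falls between two runs.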

nexxai commented 5 years ago

If you'd like to submit a Pull Request for these changes, I'd be happy to merge them into the script