Get-WinEvent will accept the computer name parameter, but for some reason DNS resolution inside the parameter breaks the detection engine. To fix this, it appears that passing the IPv4 address will return results as expected. Needs additional testing to validate data is being detected correctly from remote logs.
Code changes to DeepBlue.ps1 --------
Line 37
Checking the Computer var and converting it to an address
    If ($computer -ne ""){
        $ips = [System.Net.Dns]::GetHostAddresses($computer)
        $ips = $ips | select -ExpandProperty IPAddressToString
    }
Line 70
Run Get-WinEvent with the -Computer switch only if the computername was passed
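
The two changes described above, combined into one added example (not code from DeepBlue.ps1 or from this change's author). It goes slightly further than the description by keeping only IPv4 results, since `GetHostAddresses` can also return IPv6 addresses; the function names `Resolve-TargetIPv4` and `Get-TargetEvents` and the sample filter are hypothetical.

```powershell
# Added example; function names and the sample filter are hypothetical.

function Resolve-TargetIPv4 {
    param([string]$Computer)

    # No remote target requested: the caller should query the local log.
    if ([string]::IsNullOrWhiteSpace($Computer)) { return $null }

    # If the caller already passed an address literal, skip DNS entirely.
    $parsed = $null
    if ([System.Net.IPAddress]::TryParse($Computer, [ref]$parsed)) {
        return $parsed.IPAddressToString
    }

    # GetHostAddresses may return both IPv6 and IPv4 records; keep IPv4 only.
    $ipv4 = [System.Net.Dns]::GetHostAddresses($Computer) |
        Where-Object { $_.AddressFamily -eq [System.Net.Sockets.AddressFamily]::InterNetwork }

    if (-not $ipv4) {
        throw "No IPv4 address found for '$Computer'"
    }

    # A host can have several A records; use the first one.
    return ($ipv4 | Select-Object -First 1).IPAddressToString
}

function Get-TargetEvents {
    param(
        [Parameter(Mandatory)][hashtable]$Filter,
        [string]$Computer = ""
    )

    # Build the parameter set once, then add -ComputerName only when a
    # remote target was supplied, so local runs behave exactly as before.
    $params = @{ FilterHashtable = $Filter; ErrorAction = 'Stop' }
    $ip = Resolve-TargetIPv4 -Computer $Computer
    if ($ip) { $params['ComputerName'] = $ip }

    Get-WinEvent @params
}

# Local query (no -Computer): reads the local Application log.
Get-TargetEvents -Filter @{ LogName = 'Application'; Level = 2 } |
    Select-Object -First 5 TimeCreated, Id, ProviderName

# Remote query; 'dc01.example.test' is a constructed host name.
# Get-TargetEvents -Filter @{ LogName = 'Security'; Id = 4624 } -Computer 'dc01.example.test'
```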