EvotecIT/PSEventViewer EventViewerX-v3.0.0

on GitHub

What's Changed

• Add Get-WinEventInformation cmdlet by @PrzemyslawKlys in #24
• Add Get-WinEventFilter cmdlet by @PrzemyslawKlys in #23
• Implement Set-WinEventSettings cmdlet by @PrzemyslawKlys in #26
• Add Get-WinEventSettings cmdlet by @PrzemyslawKlys in #25
• Add GitHub Actions test workflow by @PrzemyslawKlys in #28
• Fix file path for QueryFileInformation test by @PrzemyslawKlys in #30
• Add PowerShell CI workflow by @PrzemyslawKlys in #29
• Fix operation type mapping by @PrzemyslawKlys in #35
• Handle EventObject XML parsing errors by @PrzemyslawKlys in #34
• Fix message parsing for Windows newlines by @PrzemyslawKlys in #33
• Fix query log file missing check by @PrzemyslawKlys in #31
• Fix ObjectClass access by @PrzemyslawKlys in #32
• Add XML docs for NamedEvents by @PrzemyslawKlys in #36
• Implement user SID cache by @PrzemyslawKlys in #37
• Fix date edge cases in TimeHelper by @PrzemyslawKlys in #38
• Handle FQDN lookup errors by @PrzemyslawKlys in #40
• Parse colon separated fields from event XML by @PrzemyslawKlys in #41
• Add NTLMv1 event tracking by @PrzemyslawKlys in #42
• Add scriptblock callback support to WatchEvents by @PrzemyslawKlys in #44
• Optimize UAC translation by @PrzemyslawKlys in #39
• Expose NIC identifiers by @PrzemyslawKlys in #47
• Introduce KnownLog enum with QueryLog overloads by @PrzemyslawKlys in #45
• Add more WinEventFilter unit tests by @PrzemyslawKlys in #46
• Add dedicated Group Policy event classes by @PrzemyslawKlys in #52
• Fix DirectorySearcher disposal by @PrzemyslawKlys in #48
• Fix WriteEvent for null replacement strings by @PrzemyslawKlys in #49
• Add Remove-EVXSource cmdlet by @PrzemyslawKlys in #43
• Fix dictionary key lookups by @PrzemyslawKlys in #50
• Add PSD1 refresh step in PowerShell CI by @PrzemyslawKlys in #53
• Implement Get-EVXProviderList cmdlet by @PrzemyslawKlys in #51
• Add missing XML comments and enable nullable by @PrzemyslawKlys in #54
• Add Kerberos ticket event parser by @PrzemyslawKlys in #55
• Add ClientGroupPolicies event class by @PrzemyslawKlys in #56
• Add CertificateIssued rule by @PrzemyslawKlys in #57
• Implement ProviderMetadata caching by @PrzemyslawKlys in #58
• Add AuditPolicyChange rule by @PrzemyslawKlys in #59
• Add PowerShell script restore functions by @PrzemyslawKlys in #62
• Extend Find-WinEvent with message filtering by @PrzemyslawKlys in #60
• Fix XPath escaping by @PrzemyslawKlys in #67
• Validate event IDs before query by @PrzemyslawKlys in #66
• Fix message null handling by @PrzemyslawKlys in #65
• Add default cases in ConvertSize by @PrzemyslawKlys in #64
• Add CancellationToken support by @PrzemyslawKlys in #68
• Add Firewall Rule Change event by @PrzemyslawKlys in #69
• Add Windows update failure rule by @PrzemyslawKlys in #70
• Add BitLocker key change rule by @PrzemyslawKlys in #71
• Add Kerberos policy change rule by @PrzemyslawKlys in #72
• Replace string.Format usage with interpolation by @PrzemyslawKlys in #73
• Fix build by checking for PowerShell DLLs by @PrzemyslawKlys in #74
• Add DeviceRecognized event handling by @PrzemyslawKlys in #76
• Implement async enumerable for QueryLogsParallel by @PrzemyslawKlys in #75
• Add Windows scheduled task delete rule by @PrzemyslawKlys in #77
• Add rule for event 4660 by @PrzemyslawKlys in #79
• Add ScheduledTaskCreated rule for event ID 4698 by @PrzemyslawKlys in #80
• Add KerberosTGTRequest support by @PrzemyslawKlys in #81
• Implement IDisposable for EventWatcher by @PrzemyslawKlys in #85
• Add tests for GroupPolicyHelpers by @PrzemyslawKlys in #82
• Fix EventLogReader null query handling by @PrzemyslawKlys in #84
• Handle exceptions in Parallel.ForEach by @PrzemyslawKlys in #83
• Add ADUserPrivilegeUse for event ID 4672 by @PrzemyslawKlys in #86
• Handle user rights assignment events by @PrzemyslawKlys in #87
• Rebuild event named system by @PrzemyslawKlys in #88
• Handle null channel references by @PrzemyslawKlys in #91
• Rename Last1Hours to Last1Hour by @PrzemyslawKlys in #90
• Add validation for thread count by @PrzemyslawKlys in #89
• Wrap Process instances in using statements by @PrzemyslawKlys in #92
• Fix time helper to use local time by @PrzemyslawKlys in #93
• Validate category bounds by @PrzemyslawKlys in #94
• Add Hyper-V VM start rule by @PrzemyslawKlys in #96
• Add Hyper-V VM shutdown rule by @PrzemyslawKlys in #95
• Limit Start-EVXWatcher threads by @PrzemyslawKlys in #98
• Add missing XML docs by @PrzemyslawKlys in #97
• Add DFS Replication rule by @PrzemyslawKlys in #108
• Handle BitLocker suspension event by @PrzemyslawKlys in #107
• Add DeviceDisabled rule by @PrzemyslawKlys in #106
• Add WEF subscription utilities by @PrzemyslawKlys in #99
• Add Exchange store mount event rule by @PrzemyslawKlys in #105
• Capture DHCP lease events by @PrzemyslawKlys in #104
• Implement IIS site stop detection by @PrzemyslawKlys in #103
• Add BugCheck event rule by @PrzemyslawKlys in #101
• Implement checkpoint creation rule by @PrzemyslawKlys in #100
• Refactor generic parsing by @PrzemyslawKlys in #114
• Add DataTable helper by @PrzemyslawKlys in #113
• Add async query methods by @PrzemyslawKlys in #112
• Implement resume support for multiple jobs by @PrzemyslawKlys in #111
• Add IIS binding failure rule by @PrzemyslawKlys in #102
• Use concurrent collection and clean unused locks by @PrzemyslawKlys in #109
• Add keyword filter support by @PrzemyslawKlys in #116
• Skip chunk generation when no IDs by @PrzemyslawKlys in #117
• Fix watcher ID handling by @PrzemyslawKlys in #118
• Fix query filter formatting by @PrzemyslawKlys in #119
• Add SQL database creation rule by @PrzemyslawKlys in #120
• Add staging support for event ID 350 by @PrzemyslawKlys in #121
• Add AAD Connect rule for event 906 by @PrzemyslawKlys in #122
• Monitor password sync failures by @PrzemyslawKlys in #124
• Add AAD Connect staging disabled rule by @PrzemyslawKlys in #125
• Add SyncCompleted event rule by @PrzemyslawKlys in #123
• Add net9.0 framework by @PrzemyslawKlys in #127
• Fix semaphore release and add cancellation test by @PrzemyslawKlys in #132
• Reset event counter on new watch by @PrzemyslawKlys in #131
• Sanitize QueryLogFile path input by @PrzemyslawKlys in #130
• Fix negative diff values by @PrzemyslawKlys in #129
• Fix event enumeration names and mapping by @PrzemyslawKlys in #126
• Ensure deterministic expanded object by @PrzemyslawKlys in #110
• Update warning text by @PrzemyslawKlys in #128
• Add watcher manager to library and provide examples by @PrzemyslawKlys in #135
• docs(readme): ✏️ add TimePeriod summary by @PrzemyslawKlys in #137
• feat(event): ✨ parse event attachments by @PrzemyslawKlys in #136
• Fix remaining event rule base classes by @PrzemyslawKlys in #138
• Add Codecov integration by @PrzemyslawKlys in #140
• Add log management cmdlets by @PrzemyslawKlys in #139
• Add XML documentation for public members by @PrzemyslawKlys in #141
• Fix missing XML docs by @PrzemyslawKlys in #142
• Fix documentation gaps by @PrzemyslawKlys in #143
• Add XML comments for undocumented events by @PrzemyslawKlys in #144
• Fix named event query issue by @PrzemyslawKlys in #145
• Split OS startup/shutdown rules by @PrzemyslawKlys in #146
• Add logging for ExtractData errors by @PrzemyslawKlys in #149
• Fix cleanup target for build output by @PrzemyslawKlys in #148
• Fix streaming test to use startup event by @PrzemyslawKlys in #151
• Fix streaming of parallel query events by @PrzemyslawKlys in #147
• Replace event dictionary key by @PrzemyslawKlys in #154
• Fix ExtractData logging by @PrzemyslawKlys in #153
• Handle XML parse errors by @PrzemyslawKlys in #152
• Implement Limit-EVXLog cmdlet by @PrzemyslawKlys in #150
• Remove ambiguous positional parameter by @PrzemyslawKlys in #155
• Refactor async task handling by @PrzemyslawKlys in #156
• Ensure case-insensitive XML data parsing by @PrzemyslawKlys in #157
• Add logging for callback exceptions by @PrzemyslawKlys in #158
• Update logging strings in QueryLog by @PrzemyslawKlys in #160
• Fix provider filter escaping by @PrzemyslawKlys in #163
• Cache machine FQDN lookup by @PrzemyslawKlys in #162
• Prevent duplicate watchers by @PrzemyslawKlys in #159
• Handle empty machine name by @PrzemyslawKlys in #168
• Handle Nullable in IsSimpleType by @PrzemyslawKlys in #167
• Add advanced examples for filters and watchers by @PrzemyslawKlys in #165
• Add network monitor related named events by @PrzemyslawKlys in #169
• Refactor PowerShell script event parsing by @PrzemyslawKlys in #164
• Add watcher lifecycle tests by @PrzemyslawKlys in #161
• Fix DataTableHelper return value by @PrzemyslawKlys in #170
• Add reflection caching to DataTableHelper by @PrzemyslawKlys in #166
• Fix missing PowerShell XML comments by @PrzemyslawKlys in #171
• Add Clear-EVXLog cmdlet by @PrzemyslawKlys in #172
• Add Discord badge by @PrzemyslawKlys in #174
• Add AuthenticationType enum for NPS rule by @PrzemyslawKlys in #176
• Add NasPortType enum and integrate parsing by @PrzemyslawKlys in #177
• Split SearchEvents methods into partials by @PrzemyslawKlys in #179
• Fix multiple event ID filtering by @PrzemyslawKlys in #181
• Fix ConvertSize negative handling by @PrzemyslawKlys in #185
• Fix missing log info handling by @PrzemyslawKlys in #186
• Fix provider metadata disposal issue by @PrzemyslawKlys in #184
• Fix provider cache normalization by @PrzemyslawKlys in #187
• Synchronize watcher initialization by @PrzemyslawKlys in #188
• Fix script execution tracking by @PrzemyslawKlys in #189
• Fix WatchEvents timeout handling by @PrzemyslawKlys in #180
• fix(cmdlet): 🐛 return false when removal is skipped by @PrzemyslawKlys in #193
• fix(watcher): 🛡️ handle missing watcher list by @PrzemyslawKlys in #191
• Respect ErrorAction in Write-EVXEntry and add failure test by @PrzemyslawKlys in #194
• fix(events): 🛑 respect stopping token in event retrieval by @PrzemyslawKlys in #196
• refactor: ♻️ use properties for cmdlet parameters by @PrzemyslawKlys in #197
• fix(query): ignore empty providerName filter by @PrzemyslawKlys in #198
• chore(build): enable nullable reference types by @PrzemyslawKlys in #199
• refactor(eventviewerx): extract restored PowerShell script by @PrzemyslawKlys in #201
• refactor: extract Metadata class into separate file by @PrzemyslawKlys in #202
• refactor: split event enums into dedicated files by @PrzemyslawKlys in #200
• refactor(core): split EventObject into partial classes by @PrzemyslawKlys in #203
• style(eventviewer): reduce nullable warnings by @PrzemyslawKlys in #205
• refactor(windows): split client group policy rule classes by @PrzemyslawKlys in #206
• ci(dotnet): 🔧 add test verbosity and failure summary by @PrzemyslawKlys in #207
• Add Claude Code GitHub Workflow by @PrzemyslawKlys in #208
• feat: ✨ Add channel and subscription management features by @PrzemyslawKlys in #209

Full Changelog: v2.4.3...EventViewerX-v3.0.0