Shared/Select-LogProperties.psm1

Function Select-LogProperties {
    <#
    .SYNOPSIS
        Selects, processes and sorts the properties for the Code Integrity and AppLocker logs.
    #>

    Param (
        [PSCustomObject[]]$Logs
    )
    Return $Logs | Select-Object -Property @{
        Label      = 'File Name'
        Expression = {
            # Can't use Get-Item or Get-ChildItem because the file might not exist on the disk
            # Can't use Split-Path -LiteralPath with -Leaf parameter because not supported
            [System.String]$TempPath = Split-Path -LiteralPath $_.'File Name'
            $_.'File Name'.Replace($TempPath, '').TrimStart('\')
        }
    },
    'TimeCreated',
    'PolicyName',
    'ProductName',
    'FileVersion',
    'OriginalFileName',
    'FileDescription',
    'InternalName',
    'PackageFamilyName',
    @{
        Label      = 'Full Path'
        Expression = { $_.'File Name' }
    },
    'Validated Signing Level',
    'Requested Signing Level',
    'SI Signing Scenario',
    'UserId',
    @{
        Label      = 'Publishers'
        Expression = { [System.String[]]$_.'Publishers' }
    },
    'SHA256 Hash',
    'SHA256 Flat Hash',
    'SHA1 Hash',
    'SHA1 Flat Hash',
    'PolicyGUID',
    'PolicyHash',
    'ActivityId',
    'Process Name',
    'UserWriteable',
    'PolicyID',
    'Status',
    'USN',
    'SignatureStatus',
    'ProviderName',
    'SignerInfo' | Sort-Object -Property TimeCreated -Descending

    <#
    Return [System.Linq.Enumerable]::OrderByDescending(
        [System.Collections.Generic.List[System.Object]]$Logs,
        [System.Func[System.Object, System.DateTime]] { param($Item) $Item.TimeCreated }
    )
        #>

}
Export-ModuleMember -Function 'Select-LogProperties'