A comprehensive PowerShell toolkit for RDP forensics analysis, tracking connection attempts, authentication, sessions, and logoffs across Windows Event Logs for security monitoring and incident response.

PowerShell module to audit NTLM authentication events from Windows Security and NTLM Operational logs. Filters by NTLMv1/v2, failed logons, privileged sessions (4672), date ranges, and null sessions. Validates NTLM audit GPO settings. Targets localhost, remote servers, domain controllers, or an entire AD forest.

Real-time Windows Event Log monitoring and alerting module for PowerShell. EventMonitor.Windows enables security monitoring, automation, observability pipelines, SIEM integration, telemetry, and AI agent orchestration using EventLogWatcher for instant OS-level event delivery. Monitors 40+ event IDs across 17 groups: logon/logoff, failed authen... More info