private static void PrintProcessCreationEvents()
{
try
{
Beaprint.MainPrint("Process creation events - searching logs (EID 4688) for sensitive data.\n");
if (!MyUtils.IsHighIntegrity())
{
Beaprint.NoColorPrint(" You must be an administrator to run this check");
return;
}
foreach (var eventInfo in ProcessCreation.GetProcessCreationEventInfos())
{
Beaprint.BadPrint($" Created (UTC) : {eventInfo.CreatedAtUtc}\n" +
$" Event Id : {eventInfo.EventId}\n" +
$" User : {eventInfo.User}\n" +
$" Command Line : {eventInfo.Match}\n");
Beaprint.PrintLineSeparator();
}
}
catch (Exception ex)
{
Beaprint.PrintException(ex.Message);
}
}
