Configuration File [Alert] - phbits/WebsiteFailedLogins GitHub Wiki

WebsiteFailedLogins only alerts when a threshold has been met or exceeded. The settings below control how alerts are generated and how the alert data is formatted.

[Alert] Method

Three alert methods are available. Standard Out is always used; Smtp and WinEvent can both be enabled, just one of them, or neither.

Smtp

Smtp sends alerts via SMTP (email). It can ingest a credential file to enable authenticated SMTP. This can be useful when integrating with ticketing systems or even monitoring stand-alone systems. See the Smtp configuration settings (https://github.com/phbits/WebsiteFailedLogins/wiki/Configuration-File-%5BSmtp%5D) for details.

WinEvent

WinEvent writes an event to the Windows Application event log. This option is useful when integrating with centralized log collection, though it may require modifying log shipping policies. See the WinEvent configuration settings (https://github.com/phbits/WebsiteFailedLogins/wiki/Configuration-File-%5BWinEvent%5D) for details.

Standard Out

This option is always enabled. An object is returned every time Invoke-WebsiteFailedLogins is launched. Review the following for information on how to work with the returned object.

Example Values

Method = WinEvent
Method = Smtp,WinEvent
Method = none

[Alert] DataType

The message data of an alert can be formatted in three different ways to make integration easier. Choose one.

This only impacts alerts using Smtp or WinEvent. When using Smtp, the message body will be formatted according to this setting. For WinEvent it will be the message data.

text

text: each key-value pair is printed on its own line as key = value.

xml

xml: the hashtable is serialized to XML. To deserialize the XML back into a hashtable, use:

[System.Management.Automation.PSSerializer]::Deserialize($obj)

json

json: the hashtable is serialized to JSON using ConvertTo-Json. Use ConvertFrom-Json to deserialize.

Example Value

DataType = text
DataType = xml
DataType = json
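
The following is an added example (not part of this wiki or the project's code) of a receiving-side helper that turns an alert payload in any of the three DataType formats back into a hashtable. The function name ConvertFrom-AlertData, the sample keys and values, and the use of PSSerializer.Serialize to build the xml sample are assumptions made for illustration.

```powershell
# Added example, not project code: parse an alert payload on the receiving side.
function ConvertFrom-AlertData {   # hypothetical helper name
    param(
        [Parameter(Mandatory)] [string] $Data,
        [Parameter(Mandatory)] [ValidateSet('text', 'xml', 'json')] [string] $DataType
    )
    switch ($DataType) {
        'text' {
            $result = @{}
            foreach ($line in ($Data -split '\r?\n')) {
                # Split on the first '=' only, so values that contain '=' survive.
                $parts = $line -split '=', 2
                if ($parts.Count -eq 2) { $result[$parts[0].Trim()] = $parts[1].Trim() }
            }
            return $result
        }
        'xml' {
            return [System.Management.Automation.PSSerializer]::Deserialize($Data)
        }
        'json' {
            # ConvertFrom-Json yields a PSCustomObject; copy it into a hashtable
            # so all three formats are accessed the same way.
            $result = @{}
            foreach ($p in ($Data | ConvertFrom-Json).PSObject.Properties) {
                $result[$p.Name] = $p.Value
            }
            return $result
        }
    }
}

# Constructed sample alert. Key names and values are placeholders.
$sample = @{ ClientIP = '203.0.113.10'; FailedLogins = 25 }

$payloads = [ordered]@{
    text = ($sample.GetEnumerator() | ForEach-Object { '{0} = {1}' -f $_.Key, $_.Value }) -join "`r`n"
    xml  = [System.Management.Automation.PSSerializer]::Serialize($sample)
    json = $sample | ConvertTo-Json
}

foreach ($type in $payloads.Keys) {
    $parsed = ConvertFrom-AlertData -Data $payloads[$type] -DataType $type
    # text returns every value as a string; xml and json keep the numeric type.
    '{0,-4} ClientIP={1} FailedLogins={2} [{3}]' -f $type, $parsed['ClientIP'],
        $parsed['FailedLogins'], $parsed['FailedLogins'].GetType().Name
}
```

If a downstream rule compares alert values against numeric thresholds, cast the values from text payloads explicitly before comparing.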