powershell 16 export remote computer security logs as csv

PS C:\Windows\System32> Enable-PSRemoting -Force  

PS C:\Windows\System32> Set-Item wsman:\localhost\client\trustedhosts *

PS C:\Windows\System32> Restart-Service WinRM

PS C:\Windows\System32> test-netconnection -computername 192.168.0.24 -port 5985

ComputerName     : 192.168.0.24

RemoteAddress    : 192.168.0.24

RemotePort       : 5985

InterfaceAlias   : Wi-Fi 2

SourceAddress    : 192.168.0.18

TcpTestSucceeded : True

PS C:\Windows\System32> $credential=get-credential

PS C:\Windows\System32> $session = new-pssession -computername 192.168.0.24 -credential $credential

PS C:\Windows\System32> $session

 Id Name            Transport ComputerName    ComputerType    State         ConfigurationName     Availability

 -- ----            --------- ------------    ------------    -----         -----------------     ------------

  9 Runspace9       WSMan     192.168.0.24    RemoteMachine   Opened        Microsoft.PowerShell     Available

#obtain security logs of remote computer for last hour

$securityLogs = invoke-command -session $session -scriptblock {

    Get-EventLog Security | where TimeWritten -gt (get-date).AddHours(-1)

}

$securityLogs | Export-Csv ~\desktop\report.csv

security logs saved on desktop

reference:

https://chuanshuoge2.blogspot.com/2020/08/powershell-11-remoting.html

https://www.youtube.com/watch?v=esANUEpMvpg