"AaronLocker" big perf and feature updates (17 June 2019)
Performance improvements in the "AaronLocker" scripts, especially in Get-AppLockerEvents.ps1.
- Now retrieves Packaged App events;
- -EventLogNames parameter supports retrieving from named event logs, to support the use case when forwarded events are saved in event logs other than "ForwardedEvents";
- Removed all the field-omission switches (as part of the perf upgrade)
- No longer requires a saved .csv file; invoke it without parameters and Generate-EventWorkbook.ps1 retrieves events from the local computer and slices/dices the results into a multi-tabbed Excel workbook.
Documentation updated, including updated troubleshooting/tips section.