Write-CveEvent.ps1


<#PSScriptInfo
 
.VERSION 1.0
 
.GUID 1712c8de-8109-4a62-8123-1d6060ea364d
 
.AUTHOR Stephen Osburne
 
.COMPANYNAME
 
.COPYRIGHT
 
.TAGS
 
.LICENSEURI
 
.PROJECTURI
 
.ICONURI
 
.EXTERNALMODULEDEPENDENCIES
 
.REQUIREDSCRIPTS
 
.EXTERNALSCRIPTDEPENDENCIES
 
.RELEASENOTES
 
 
.PRIVATEDATA
 
#>


<#
.SYNOPSIS
    Generates a CVE detection event in the Windows Event Log
 
.DESCRIPTION
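    This script calls the CveEventWrite function from AdvApi32.dll to write a CVE detection
    event to the Windows Event Log. Both strings in the event are supplied by the caller, so
    the event it produces is test data for log collection and alerting, not evidence of an
    exploit attempt.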
    Log: Application
    Source: Audit-CVE
    Event ID: 1
 
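    Outputs "False" if there are no errors: CveEventWrite returns 0 on success and the script
    shows that result as a Boolean, so "True" means the call reported an error.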
 
.PARAMETER CVE
    Specifies the CVE or Vulnerability to put in the Event
    If not specified, the default is "CVE-2020-0601"
 
.PARAMETER AddInfo
    Specifies the Additional Information to put in the Event
    If not specified, the default is "CA: <Evil Corp> sha1: 0B02DBB8B01B69D9410E39B39058466480309866 & Other Interesting Information"
 
.INPUTS
 
None.
 
.OUTPUTS
 
System.Boolean. False when CveEventWrite reports no error; True otherwise.
 
.EXAMPLE
 
PS> .\Write-CveEvent.ps1 -CVE "2020-0601" -AddInfo "CA: <Evil Corp>"
 
.NOTES
Thanks to @DidierStevens for the VBA code starting point.
#>

 
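Param (
    # CVE identifier placed in the event. Declared as an array, but the native
    # API takes a single string, so multiple values are joined into one.
    [parameter()]
    [string[]]$CVE = "CVE-2020-0601",
    # Free-text detail placed in the event; joined into one string like -CVE.
    [parameter()]
    [string[]]$AddInfo = "CA: <Evil Corp> sha1: 0B02DBB8B01B69D9410E39B39058466480309866 & Other Interesting Information"
)

# P/Invoke declaration for CveEventWrite in advapi32.dll.
# The native function takes two wide-character strings and returns a LONG
# Win32 status (0 = ERROR_SUCCESS). It is declared as int rather than bool so
# the actual error code is available on failure, and CharSet.Unicode states
# the wide-string marshalling explicitly.
$Signature = @"
[DllImport("advapi32.dll", CharSet=CharSet.Unicode)]
public static extern int CveEventWrite(String CveId, String AdditionalDetails);
"@

# Compile the declaration into the type securitybaseapi.AdvApiCveEventWrite and
# keep the returned type object so the static method can be called on it.
# NOTE: Add-Type fails if a type of this name with a different definition is
# already loaded in the current session; start a new session in that case.
$CveEventWrite = Add-Type -MemberDefinition $Signature -Name "AdvApiCveEventWrite" -Namespace securitybaseapi -PassThru

# Both strings are caller-controlled and written to the event as given, so the
# resulting Audit-CVE event is synthetic and useful for testing log collection
# and alerting, not as evidence of an exploit attempt.
# "$CVE" / "$AddInfo" make the array-to-string conversion explicit.
$Status = $CveEventWrite::CveEventWrite("$CVE", "$AddInfo")

# Surface the Win32 error code on the warning stream; it was previously lost
# when the return value was marshalled as a Boolean.
if ($Status -ne 0) {
    Write-Warning "CveEventWrite returned Win32 error code $Status."
}

# Keep the script's documented pipeline output: False when there was no error,
# True when the call returned a non-zero status.
[bool]$Status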