EventMonitor.Windows.psd1
#
# Module manifest for 'EventMonitor.Windows'
#
# Generated by: Rakesh Navale (justvirtually)
# Generated on: 3/8/2026
#
# NOTE(review): this file is pure data read by the module loader. Nothing in it
# is enforced at runtime by itself - the "administrator privileges" requirement
# stated in the Description, the scheduled-task run-as identity, and the ACLs on
# the data directory all have to be checked in the root module (.psm1), not here.
#
@{
    # ---- Identity -----------------------------------------------------------

    # Script module loaded when this manifest is imported (path is relative to
    # the module base directory).
    RootModule        = '.\EventMonitor\WindowsEventMonitor.psm1'

    # Semantic version of the module. The ReleaseNotes block below is headed
    # "1.0.1" - see the note there.
    ModuleVersion     = '1.0.3'

    # Stable identifier for this module across versions.
    GUID              = 'd64b1d3c-f77a-448e-87a7-becbe286563b'

    Author            = 'Rakesh Navale'
    CompanyName       = 'justvirtually'
    Copyright         = '(c) 2026-present Rakesh Navale. All rights reserved.'

    # ---- Description ---------------------------------------------------------

    # Shown in PowerShell Gallery / Get-Module listings. The "local-first with
    # optional cloud telemetry" wording matters from a data-handling standpoint:
    # once a cloud sink is registered, Windows security events (logon, account
    # and privilege changes, etc.) leave the host.
    Description       = @'
Real-time Windows security event monitoring with zero-polling architecture.
Uses EventLogWatcher for instant OS-level event delivery, a self-healing watchdog,
and pluggable telemetry sinks.

Monitors 40+ event IDs across 17 groups: logon/logoff, failed authentication
(brute force), account management, group membership changes, privilege escalation,
process execution, persistence (services/tasks), audit tampering, PowerShell script
logging, SSH, RDP, WinRM (lateral movement), Windows Defender, firewall rule changes,
network shares, and system health.

Features: monitoring levels (Minimum/Standard/High/Custom), JSONL event journal for
AI/SIEM, configurable log retention, 21 exported functions, local-first with optional
cloud telemetry. Zero external dependencies beyond one Microsoft DLL.

Install, register, and forget. Requires PowerShell 7.4+, Windows 10/11 or Server
2016+, administrator privileges.
'@

    # ---- Platform requirements -----------------------------------------------

    # Only the cross-platform edition is supported; together with
    # PowerShellVersion this matches the "PowerShell 7.4+" claim in Description.
    CompatiblePSEditions = @('Core')
    PowerShellVersion    = '7.4'

    # Assemblies the loader should bring in before the root module.
    # NOTE(review): Description and ReleaseNotes say the module depends on one
    # Microsoft DLL (Application Insights SDK 3.0.0 per the notes), but it is not
    # declared here, so the loader cannot fail early if it is missing or swapped.
    # Declaring it in RequiredAssemblies is worth considering; how the DLL is
    # actually located and loaded is decided in the .psm1 - TODO confirm.
    # RequiredAssemblies = @()

    # Remaining loader hooks are intentionally unused. Nothing runs in the
    # caller's scope before import (no ScriptsToProcess), and no nested modules,
    # type/format files or required modules are pulled in.
    # RequiredModules    = @()
    # ScriptsToProcess   = @()
    # TypesToProcess     = @()
    # FormatsToProcess   = @()
    # NestedModules      = @()

    # ---- Exports --------------------------------------------------------------

    # Explicit export list (no wildcards): the public surface of the module is
    # exactly these 21 functions, which matches the count given in Description.
    FunctionsToExport = @(
        # Scheduled-task lifecycle. Register-EventMonitor creates the task
        # (AtStartup trigger per ReleaseNotes); the identity it runs under is
        # not visible from this manifest.
        'Register-EventMonitor'
        'Unregister-EventMonitor'
        'Uninstall-EventMonitor'
        'Start-EventMonitor'
        'Stop-EventMonitor'
        'Enable-EventMonitor'
        'Disable-EventMonitor'
        'Get-EventMonitor'

        # Event collection
        'Invoke-EventMonitor'
        'Get-WindowsEventsAndSessions'
        'Get-MonitoredEventCategories'

        # Monitoring configuration, journal and history
        'Set-MonitoringLevel'
        'Get-MonitoringConfig'
        'Get-EventGroups'
        'Set-EventJournal'
        'Set-EMLogLevel'
        'Get-EventHistory'
        'Show-EventMonitorHelp'

        # Telemetry sinks (where collected security events may be forwarded)
        'Register-TelemetrySink'
        'Unregister-TelemetrySink'
        'Get-TelemetrySinks'
    )

    # No binary cmdlets, variables or aliases are exported.
    CmdletsToExport   = @()
    VariablesToExport = @()
    AliasesToExport   = @()

    # DscResourcesToExport = @()
    # ModuleList           = @()
    # FileList             = @()

    # ---- Gallery metadata ----------------------------------------------------

    PrivateData = @{
        PSData = @{
            # Discovery tags for online galleries.
            Tags = @(
                'Windows'
                'Security'
                'EventMonitor'
                'EventLog'
                'SIEM'
                'ApplicationInsights'
                'Telemetry'
                'RDP'
                'SSH'
                'WinRM'
                'Logon'
                'AuditLog'
                'ThreatDetection'
                'Defender'
                'Firewall'
                'BruteForce'
                'ScheduledTask'
                'PowerShell7'
                'PSEdition_Core'
            )

            LicenseUri = 'https://github.com/navalerakesh/EventMonitor.Windows/blob/main/LICENSE'
            ProjectUri = 'https://github.com/navalerakesh/EventMonitor.Windows'
            IconUri    = 'https://raw.githubusercontent.com/navalerakesh/EventMonitor.Windows/main/assets/icon.png'

            # NOTE(review): these notes describe 1.0.1 while ModuleVersion is
            # 1.0.3; entries for 1.0.2 and 1.0.3 are not present in this file.
            # Security-relevant points a deployer should verify in the .psm1:
            #  - the data directory under C:\ProgramData holds a journal of
            #    security events; confirm its ACL restricts access to
            #    administrators/SYSTEM rather than inheriting ProgramData defaults.
            #  - the Application Insights connection string is effectively a
            #    write credential for the ingestion endpoint; the notes say it is
            #    ACL-protected when stored in a file - confirm for the env-var path.
            ReleaseNotes = @'
1.0.1 - Initial public release
* Event-driven architecture via EventLogWatcher (zero polling, real-time detection)
* Self-healing watchdog with auto-restart, catch-up sweep, health telemetry
* 40+ Windows event IDs across 17 groups (Logon, Logoff, SSH, RDP, Account, Group, Privilege, Process, Persistence, Audit, PowerShell, NetworkShare, NetworkFirewall, SystemHealth, WinRM, Defender + custom)
* 4 monitoring levels: Minimum (4 groups), Standard (13), High (17), Custom
* 21 exported functions including monitoring config, event history, telemetry sinks
* Pluggable telemetry sinks: App Insights built-in, add webhook/SIEM/email/custom
* JSONL event journal for AI tools, SIEM, and offline analysis
* Data stored in C:\ProgramData\WindowsEventMonitor\ (survives module updates)
* Connection string via env var, file, or parameter (ACL-protected)
* Auto-restart on crash (3 retries), AtStartup trigger, idempotent registration
* Application Insights SDK 3.0.0 (net9.0), PowerShell 7.4+ required
'@

            # Prerelease = ''

            # Installation does not prompt for license acceptance.
            RequireLicenseAcceptance = $false

            # ExternalModuleDependencies = @()
        }
    }

    # HelpInfoURI         = ''
    # DefaultCommandPrefix = ''
}