From abd856d7f42d2b4a1778f1c252cf2f352feddd02 Mon Sep 17 00:00:00 2001
From: Alex Kup <116945542+Lifailon@users.noreply.github.com>
Date: Tue, 11 Apr 2023 14:28:33 +0300
Subject: [PATCH] Update README.md

---
 README.md | 50 ++++++++++++++++++++++++++------------------------
 1 file changed, 26 insertions(+), 24 deletions(-)

diff --git a/README.md b/README.md
index 2f7aa6a..7c58222 100644
--- a/README.md
+++ b/README.md
@@ -4,6 +4,7 @@
 - [Regex](#Regex)
 - [Items](#Items)
 - [Event](#Event)
+- [XML](#XML)
 - [Application](#Application)
 - [Network](#Network)
 - [SMB](#SMB)
@@ -451,31 +452,32 @@
 `$obj += [PSCustomObject]@{Time = $temp_fw.TimeCreated; Type = $type; Port = $port; Name = $name}` \
 `}`
 
-### XML
-`if (Test-Path $CredFile) {` \
-`$Cred = Import-Clixml -path $CredFile` \
-`} elseif (!(Test-Path $CredFile)) {` \
-`$Cred = Get-Credential -Message "Enter credential"` \
-`if ($Cred -ne $null) {` \
-`$Cred | Export-CliXml -Path $CredFile` \
-`} else {` \
-`return` \
-`}` \
-`}`
-
-`$FilterXPath = '<QueryList><Query Id="0"><Select>*[System[EventID=21]]</Select></Query></QueryList>'` \
-`$RDPAuths = Get-WinEvent -ComputerName $srv -LogName "Microsoft-Windows-TerminalServices-LocalSessionManager/Operational" -FilterXPath $FilterXPath` \
-`[xml[]]$xml = $RDPAuths | Foreach {$_.ToXml()}` \
-`$EventData = Foreach ($event in $xml.Event) {` \
-`New-Object PSObject -Property @{` \
-`"Connection Time" = (Get-Date ($event.System.TimeCreated.SystemTime) -Format 'yyyy-MM-dd hh:mm K')` \
-`"User Name" = $event.UserData.EventXML.User` \
-`"User ID" = $event.UserData.EventXML.SessionID` \
-`"User Address" = $event.UserData.EventXML.Address` \
-`"Event ID" = $event.System.EventID` \
-`}}` \
-`$EventData`
+# XML
+```
+if (Test-Path $CredFile) {
+$Cred = Import-Clixml -path $CredFile
+} elseif (!(Test-Path $CredFile)) {
+$Cred = Get-Credential -Message "Enter credential"
+if ($Cred -ne $null) {
+$Cred | Export-CliXml -Path $CredFile
+} else {
+return
+}
+}
 
+$FilterXPath = '<QueryList><Query Id="0"><Select>*[System[EventID=21]]</Select></Query></QueryList>'
+$RDPAuths = Get-WinEvent -ComputerName $srv -LogName "Microsoft-Windows-TerminalServices-LocalSessionManager/Operational" -FilterXPath $FilterXPath
+[xml[]]$xml = $RDPAuths | Foreach {$_.ToXml()}
+$EventData = Foreach ($event in $xml.Event) {
+New-Object PSObject -Property @{
+"Connection Time" = (Get-Date ($event.System.TimeCreated.SystemTime) -Format 'yyyy-MM-dd hh:mm K')
+"User Name" = $event.UserData.EventXML.User
+"User ID" = $event.UserData.EventXML.SessionID
+"User Address" = $event.UserData.EventXML.Address
+"Event ID" = $event.System.EventID
+}}
+$EventData
+```
 # Application
 
 ### Get-Package