A Windows Scheduled Task can be configured to trigger when events that match a filter are written to a specific log (eg ForwardedEvents) instead of the usual time-based trigger. The task can then execute a PowerShell script passing the details of the event that triggered the task as arguments to the script.
↧
