PowerShell Gallery: Discovering Script Block Logging (Part 1)

by May 25, 2018

In the previous tip we explained how you can get PowerShellGet up and running with your PowerShell version. Now let’s see how easily the PowerShell Gallery can extend PowerShell's functionality.

ScriptBlock Logging is a new feature in PowerShell 5 and later. Whenever the PowerShell engine compiles (executes) a command, it logs it to an internal log file. By default, only a few commands that are considered security-relevant are logged. With a free module called ScriptBlockLoggingAnalyzer, you can see the code that PowerShell has logged on your machine:

# install the extension module from the Gallery (only required once!)
Install-Module ScriptBlockLoggingAnalyzer -Scope CurrentUser -Force

# show all logged events
Get-SBLEvent | Out-GridView

Note that the ScriptBlockLoggingAnalyzer module currently works with Windows PowerShell only. PowerShell Core uses the same mechanisms but different logs. Since the log names in PowerShell Core are a work in progress, you’d have to manually adjust the module to also cover PowerShell Core.
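The logged code can also be read straight from the event log, which helps when the module cannot be installed or a different log has to be queried. The following is an added example, not code from this tip or from the ScriptBlockLoggingAnalyzer module: it reads event ID 4104 from the Microsoft-Windows-PowerShell/Operational log with Get-WinEvent and joins script blocks that were split across several events. The function name Get-LoggedScriptBlock and its parameters are hypothetical.

```powershell
# Added example: read script block logging events without the module.
# Get-LoggedScriptBlock is a hypothetical name, not part of ScriptBlockLoggingAnalyzer.
function Get-LoggedScriptBlock {
    [CmdletBinding()]
    param(
        # Log used by Windows PowerShell 5.x; pass another name to query a different log
        [string]$LogName = 'Microsoft-Windows-PowerShell/Operational',
        [int]$MaxEvents = 500
    )

    # Event ID 4104 carries the script block text
    $filter = @{ LogName = $LogName; Id = 4104 }

    Get-WinEvent -FilterHashtable $filter -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
        ForEach-Object {
            # Property order in a 4104 record:
            # 0 MessageNumber, 1 MessageTotal, 2 ScriptBlockText, 3 ScriptBlockId, 4 Path
            [PSCustomObject]@{
                TimeCreated   = $_.TimeCreated
                Level         = $_.LevelDisplayName
                UserSid       = $_.UserId
                ScriptBlockId = $_.Properties[3].Value
                Part          = [int]$_.Properties[0].Value
                Total         = [int]$_.Properties[1].Value
                Path          = $_.Properties[4].Value
                Text          = $_.Properties[2].Value
            }
        } |
        Group-Object ScriptBlockId |
        ForEach-Object {
            # Large script blocks are split across several events; join the parts in order
            $parts = @($_.Group | Sort-Object Part)
            $first = $parts[0]
            [PSCustomObject]@{
                TimeCreated = $first.TimeCreated
                Level       = $first.Level   # Warning = logged automatically as security-relevant
                UserSid     = $first.UserSid
                Path        = $first.Path
                Complete    = ($parts.Count -eq $first.Total)  # false if parts are missing
                Code        = ($parts.Text -join '')
            }
        } |
        Sort-Object TimeCreated
}

# Show the reassembled script blocks, oldest first
Get-LoggedScriptBlock | Select-Object TimeCreated, Level, Path, Complete, Code | Format-List
```

A `Complete` value of `$false` means some parts of a script block fell outside the `-MaxEvents` window or were already overwritten in the log, so the `Code` shown is only a fragment.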
