Description
You can significantly reduce the scan times in the Hash, Filename, FileSize, and Port sections by modifying the script to pipe the system data into select-string without using a for loop. Every time it loops to another IOC in the text file, it queries the unfiltered files again with get-content. Because you are only searching for a match on a string or regex pattern, you can use the variable that defines the IOC document for receiving the pipeline of the unfiltered files.
```powershell
$FileSizeIOC = get-content .\Indicators\File_Size_IOC.txt
# Original: one full read of Unfiltered_Files.txt per IOC
foreach ($Size in $FileSizeIOC) {
    get-content ".\Unfiltered_Files.txt" | Select-String -Pattern :$Size\Z >> .\Results\$env:COMPUTERNAME"_FileSizeScan.txt"
}
```
Changed to:
```powershell
$FileSizeIOC = get-content .\Indicators\File_Size_IOC.txt
# Build one regex per IOC. Select-String accepts an array of patterns and reports a
# line if any of them matches, so the unfiltered file is read only once. (Expanding
# the array inside a single string, ":$FileSizeIOC\Z", would join the sizes with
# spaces into one pattern that never matches.)
$Patterns = $FileSizeIOC | ForEach-Object { ":$_\Z" }
get-content ".\Unfiltered_Files.txt" | Select-String -Pattern $Patterns >> ".\Results\$($env:COMPUTERNAME)_FileSizeScan.txt"
```
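The same single-pass approach as a reusable function, written as an added example rather than code from the scanning script. It adds the one check the other sections need: filename IOCs contain regex metacharacters such as `.`, so each IOC is passed through `[regex]::Escape` before being wrapped in the anchoring template. The function name, the `{0}` template, and the temp-folder sample files are assumptions made for this example.

```powershell
# Added example (not from the original script): one-pass IOC matching with a
# pattern array, plus regex escaping so IOCs containing '.' or '$' match literally.
function Invoke-IocScan {
    param(
        [Parameter(Mandatory)] [string] $IocFile,
        [Parameter(Mandatory)] [string] $DataFile,
        [Parameter(Mandatory)] [string] $ResultFile,
        # {0} is replaced by the escaped IOC; the default mirrors the ':<size>\Z' anchoring
        [string] $Template = ':{0}\Z'
    )
    # Read the IOC list once; drop blank lines and escape regex metacharacters
    $Patterns = @(Get-Content $IocFile |
        Where-Object { $_.Trim() } |
        ForEach-Object { $Template -f [regex]::Escape($_.Trim()) })
    if ($Patterns.Count -eq 0) { return @() }
    # Single read of the data file; Select-String matches any pattern in the array
    $Hits = @(Get-Content $DataFile | Select-String -Pattern $Patterns)
    Set-Content -Path $ResultFile -Value @($Hits | ForEach-Object { $_.Line })
    return $Hits
}

# Constructed sample data in a temp folder so the example runs offline
$Work = Join-Path ([IO.Path]::GetTempPath()) 'ioc-demo'
New-Item -ItemType Directory -Force -Path $Work | Out-Null
Set-Content -Path "$Work\File_Size_IOC.txt" -Value @('4096', '77312')
Set-Content -Path "$Work\Unfiltered_Files.txt" -Value @(
    'C:\Users\demo\a.txt:4096',
    'C:\Users\demo\b.dll:77312',
    'C:\Users\demo\c.exe:177312',   # must not match: the ':' prefix anchors the size
    'C:\Users\demo\d.exe:512'
)
$Hits = Invoke-IocScan -IocFile "$Work\File_Size_IOC.txt" `
                       -DataFile "$Work\Unfiltered_Files.txt" `
                       -ResultFile "$Work\FileSizeScan.txt"
"{0} hit(s)" -f $Hits.Count
$Hits | ForEach-Object { $_.Line }
```

Passing `-Template '\\{0}$'` with a filename IOC list gives the equivalent anchored, escaped match for the Filename section.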