Show TLS Negotiations from Event Log

1. ## Gather data from Secure Channel (schannel) negotiation events
2. ## Enable logging via EventLogging REG_DWORD = 1 in HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL
3.  
4. ## Get cipher suites so we can look them up for each event
5. $csuites = Get-TlsCipherSuite
6.  
7. ## Get the events and use the "properties" array, which is used to construct the message, to show individual elements
8. Get-WinEvent -FilterHashtable @{ ProviderName = 'Schannel' ; Id = 36880 } | select timecreated,@{n='Type';e={$_.Properties[0].value}},@{n='TLS';e={$_.Properties[1].Value }},@{n='CipherSuite';e={($csuites|Where CipherSuite -eq $_.Properties[2].Value).Name}} ,@{n='TargetName';e={$_.Properties[5].value}},@{n='Local Cert Subject';e={$_.Properties[6].Value}},@{n='Remote Cert Subject';e={$_.Properties[7].Value}}