Windows-classic-samples/Samples/ManagementInfrastructure/cpp/Indication/CIMCmdlet/Indication.ps1

#Get indication class
Get-CimClass -Namespace root/StandardCimv2/sample -QualifierName Indication

#Register for event
Register-CimIndicationEvent -class MSFT_WindowsServiceStopped -Namespace root/StandardCimv2/sample -SourceIdentifier "ServiceStop"
Register-CimIndicationEvent -class MSFT_WindowsServiceStarted -Namespace root/StandardCimv2/sample -SourceIdentifier "ServiceStart"


#Start a service
$a = Get-CimInstance -ClassName MSFT_WindowsService -Namespace root/StandardCimv2/sample -Filter  'name like "plug%"' 
$a |  Select Name, Started, Status #>>> Service is currently stopped
Invoke-CimMethod -InputObject $a -MethodName StartService
Sleep 5
$event = Get-event -SourceIdentifier ServiceStart
$event.SourceEventArgs.NewEvent.PreviousInstance  |Select Name, Started, Status
$event.SourceEventArgs.NewEvent.SourceInstance | Select Name, Started, Status

#Stop Service
Invoke-CimMethod -InputObject $a -MethodName StopService 
Sleep 5
$event = Get-event -SourceIdentifier ServiceStop
$event.SourceEventArgs.NewEvent.PreviousInstance  |Select Name, Started, Status
$event.SourceEventArgs.NewEvent.SourceInstance | Select Name, Started, Status
Unregister-Event *

#Lifecycle events - generated by WMI 
Register-CimIndicationEvent -query "select * from __instancecreationevent within 5 where targetinstance isa 'MSFT_WindowsProcess'" -Namespace root/StandardCimv2/sample  -sourceIdentifier "WMIProcessStart"

#Start a process
Invoke-CimMethod -ClassName MSFT_WindowsProcess -namespace root/StandardCimv2/sample -MethodName Create -Arguments @{CommandLine="calc.exe"}

#Sleep for 5 seconds
Sleep 5

#Read the event
$event = Get-event -SourceIdentifier WMIProcessStart
$event.SourceEventArgs.NewEvent.TargetInstance | Select Name, Priority
#Unregister the event
Unregister-Event *