Drop Security.evtx CSV exports (one or several files) to detect audit policy changes, identify which audit subcategories were disabled, surface reductions in logging coverage, and correlate them with the attack timeline. Everything runs locally in the browser; nothing is uploaded.
Triage covers: 4719 system audit policy changed (the Audit Policy Change field shows whether Success/Failure auditing was added or removed per subcategory) · 4906 CrashOnAuditFail value changed · 4907 object auditing settings changed and 4715 object audit policy (SACL) changed · rapid clusters of these events within 60 s, which is the pattern of an attacker bulk-disabling auditing before acting.
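The detection logic the tool describes, as an added example that is not the tool's own code: it reads a Security.evtx CSV export, keeps the four watched event IDs, lists the 4719 events that removed Success or Failure auditing, computes which subcategories end the export in a reduced state, and flags runs of three or more watched events inside a 60-second window. The column names (TimeCreated, EventID, Subcategory, AuditPolicyChange, Computer), the sample rows and the three-event cluster threshold are assumptions; real exports differ by tool.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed sample of a Security.evtx CSV export. Real exports vary by
# tool; the column names used here are an assumption, not a fixed schema.
SAMPLE_CSV = """TimeCreated,EventID,Subcategory,AuditPolicyChange,Computer
2024-05-01 10:00:00,4719,Logon,Success added,WS01
2024-05-01 12:30:05,4719,Process Creation,Success removed,WS01
2024-05-01 12:30:07,4719,Logon,Success removed,WS01
2024-05-01 12:30:12,4719,Logon,Failure removed,WS01
2024-05-01 12:30:40,4906,,,WS01
2024-05-01 12:31:02,4907,,,WS01
2024-05-01 15:00:00,4715,,,WS01
2024-05-01 15:00:01,4624,,,WS01
"""

# Event IDs under triage, with their Windows event names.
WATCHED = {
    4719: "System audit policy was changed",
    4906: "CrashOnAuditFail value has changed",
    4907: "Auditing settings on object were changed",
    4715: "Audit policy (SACL) on an object was changed",
}
CLUSTER_WINDOW = timedelta(seconds=60)
CLUSTER_MIN = 3   # assumption: three or more watched events inside the window count as "rapid"


def parse_rows(text):
    """Keep only watched events, sorted by time."""
    rows = []
    for r in csv.DictReader(io.StringIO(text)):
        eid = int(r["EventID"])
        if eid not in WATCHED:
            continue
        rows.append({
            "ts": datetime.strptime(r["TimeCreated"], "%Y-%m-%d %H:%M:%S"),
            "eid": eid,
            "sub": r["Subcategory"],
            "change": r["AuditPolicyChange"],
            "host": r["Computer"],
        })
    rows.sort(key=lambda x: x["ts"])
    return rows


def coverage_reductions(rows):
    """4719 events whose Audit Policy Change field removes Success or Failure auditing."""
    return [(r["ts"], r["sub"], r["change"]) for r in rows
            if r["eid"] == 4719 and "removed" in r["change"].lower()]


def disabled_subcategories(rows):
    """Subcategories whose latest 4719 for a level (Success/Failure) removed
    auditing, i.e. that are still reduced at the end of the export."""
    state = {}
    for r in rows:
        if r["eid"] != 4719:
            continue
        # The field may list several changes, e.g. "Success removed, Failure added".
        for part in r["change"].split(","):
            words = part.strip().lower().split()
            if len(words) == 2 and words[0] in ("success", "failure"):
                state[(r["sub"], words[0])] = words[1]
    return sorted({sub for (sub, _lvl), action in state.items() if action == "removed"})


def rapid_clusters(rows, window=CLUSTER_WINDOW, min_events=CLUSTER_MIN):
    """Runs of at least min_events watched events, each less than `window`
    after the run's first event. Returns (start, end, count) tuples."""
    clusters, i, n = [], 0, len(rows)
    while i < n:
        j = i
        while j + 1 < n and rows[j + 1]["ts"] - rows[i]["ts"] < window:
            j += 1
        if j - i + 1 >= min_events:
            clusters.append((rows[i]["ts"], rows[j]["ts"], j - i + 1))
            i = j + 1
        else:
            i += 1
    return clusters


def analyze(text):
    rows = parse_rows(text)
    return {
        "reductions": coverage_reductions(rows),
        "disabled": disabled_subcategories(rows),
        "crash_on_audit_fail": [r["ts"] for r in rows if r["eid"] == 4906],
        "sacl_changes": [(r["ts"], r["eid"]) for r in rows if r["eid"] in (4907, 4715)],
        "clusters": rapid_clusters(rows),
    }


if __name__ == "__main__":
    for key, val in analyze(SAMPLE_CSV).items():
        print(f"{key}: {val}")
```

On the sample, the three "removed" 4719 events, the 4906 and the 4907 land inside one 57-second run, which is the cluster the tool highlights; the 4715 hours later is reported as a SACL change but not clustered. Only subcategories still reduced at the end of the export are listed as disabled, so a subcategory that was turned off and back on shows up under reductions but not under disabled.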