drop security evtx csv · perform deep analysis of all audit subcategory disable events · map exact forensic blind spots created by each disable · surface the cumulative coverage loss across the investigation window · runs locally
4719 subcategory changes · guid→name mapping · blind spot inventory · 60s coordinated clusters
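The analysis described above (4719 filtering, GUID-to-name mapping, blind spot inventory, 60-second clusters) can be sketched as follows. This is an added example, not the tool's own code. The CSV column names, the sample rows, the function names and the reading of a cluster as two or more disables within 60 seconds of the first are assumptions.

```python
import csv, io
from datetime import datetime, timedelta
# GUID -> (subcategory, representative event IDs it produces; not exhaustive)
SUBCATEGORIES = {
    "{0CCE922B-69AE-11D9-BED3-505054503030}": ("Process Creation", [4688]),
    "{0CCE9215-69AE-11D9-BED3-505054503030}": ("Logon", [4624, 4625]),
    "{0CCE9235-69AE-11D9-BED3-505054503030}": ("User Account Management", [4720, 4726]),
    "{0CCE922F-69AE-11D9-BED3-505054503030}": ("Audit Policy Change", [4719]),
}
REMOVED = {"%%8448": "Success", "%%8450": "Failure",  # raw tokens or rendered text
           "success removed": "Success", "failure removed": "Failure"}
# Constructed sample rows; the column names are an assumed export layout.
SAMPLE_CSV = """TimeCreated,EventID,SubjectUserName,SubcategoryGuid,AuditPolicyChanges
2024-03-01T10:00:05,4719,admin1,{0CCE922B-69AE-11D9-BED3-505054503030},"%%8448, %%8450"
2024-03-01T10:00:20,4719,admin1,{0cce9215-69ae-11d9-bed3-505054503030},%%8448
2024-03-01T10:00:41,4719,admin1,{0CCE9235-69AE-11D9-BED3-505054503030},Success removed
2024-03-01T10:30:00,4719,admin1,{0CCE922F-69AE-11D9-BED3-505054503030},%%8449
2024-03-01T14:12:00,4719,svc_gpo,{0CCE922F-69AE-11D9-BED3-505054503030},%%8450
"""

def parse_disables(text):
    """Return 4719 rows that remove Success and/or Failure auditing, oldest first."""
    out = []
    for row in csv.DictReader(io.StringIO(text)):
        parts = [p.strip().lower() for p in (row["AuditPolicyChanges"] or "").split(",")]
        lost = sorted({REMOVED[p] for p in parts if p in REMOVED})
        if row["EventID"] != "4719" or not lost:
            continue  # not an audit policy change, or nothing was removed
        guid = row["SubcategoryGuid"].upper()
        name, events = SUBCATEGORIES.get(guid, ("unmapped " + guid, []))
        out.append({"time": datetime.fromisoformat(row["TimeCreated"]), "lost": lost,
                    "user": row["SubjectUserName"], "subcategory": name, "blind": events})
    return sorted(out, key=lambda d: d["time"])

def clusters(disables, window=timedelta(seconds=60)):
    """Groups of 2+ disables within `window` of the group's first event."""
    groups, cur = [], []
    for d in disables:
        if cur and d["time"] - cur[0]["time"] > window:
            groups, cur = groups + [cur], []
        cur.append(d)
    return [g for g in groups + [cur] if len(g) > 1]

def blind_spots(disables):
    inv = {}  # subcategory name -> event IDs with reduced or no coverage
    for d in disables:
        inv.setdefault(d["subcategory"], set()).update(d["blind"])
    return {name: sorted(ids) for name, ids in inv.items()}
```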