drop file access logs · per-user baselines · bulk/off-hours/cross-dept anomalies · runs locally
drop file access or 4663 evtx csv