drop evtx csv · detect exact duplicate event records · identify injected synthetic duplicates · surface events that appear twice with identical content but different record IDs · runs locally
evtx csv
drop evtx csv (multi-file)
or click
fingerprint: event id · time (sec) · computer · pid · thread · key fields · synthetic = different record id · burst 5+/10s
drop evtx csv exports