drop security or system evtx csv · detect event log service stops and restarts · correlate gaps with adjacent events · surface windows event log service manipulation · identify log blackout windows · runs locally
1100/6006 stops · 6005 starts · 1102/104 clears · gap >5min suspicious · >30min critical
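The rules above, applied to a merged Security and System export, as an added example that is not the tool's own code. It assumes columns named TimeCreated and Id with ISO 8601 timestamps, treats a blackout as the span from a stop event to the next start event, and runs on a constructed sample.

```python
import csv
import io
from datetime import datetime, timedelta

STOP_IDS = {1100, 6006}    # event log service stops (per the page)
START_IDS = {6005}         # event log service starts
CLEAR_IDS = {1102, 104}    # log cleared
SUSPICIOUS = timedelta(minutes=5)
CRITICAL = timedelta(minutes=30)

# Constructed sample export; column names and timestamp format are assumptions.
SAMPLE_CSV = """TimeCreated,Id,LogName
2024-03-01T09:00:00,4624,Security
2024-03-01T09:10:00,1100,Security
2024-03-01T09:12:00,6005,System
2024-03-01T11:00:00,6006,System
2024-03-01T11:07:00,6005,System
2024-03-01T13:00:00,1100,Security
2024-03-01T13:45:00,6005,System
2024-03-01T13:46:00,1102,Security
"""

def grade(gap):
    """Map a blackout duration to the page's thresholds (strictly greater than)."""
    if gap > CRITICAL:
        return "critical"
    if gap > SUSPICIOUS:
        return "suspicious"
    return "normal"

def find_blackouts(csv_text):
    """Return (kind, start, end, severity) tuples in time order."""
    rows = sorted(
        (datetime.fromisoformat(r["TimeCreated"]), int(r["Id"]))
        for r in csv.DictReader(io.StringIO(csv_text))
    )
    findings, stopped_at = [], None
    for ts, eid in rows:
        if eid in STOP_IDS and stopped_at is None:
            stopped_at = ts                       # first stop opens the window
        elif eid in START_IDS and stopped_at is not None:
            findings.append(("blackout", stopped_at, ts, grade(ts - stopped_at)))
            stopped_at = None
        elif eid in CLEAR_IDS:
            findings.append(("clear", ts, ts, None))  # page gives no severity
    if stopped_at is not None:                    # stop with no later start
        findings.append(("blackout", stopped_at, None, "open"))
    return findings
```

A stop with no later start is reported as an open window rather than dropped, since the export may end inside the blackout.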