drop pfirewall.log · gap analysis · log clearing indicators · network correlation · entry density · csv export · runs locally
artifacts
gaps >5m suspicious · >30m critical · event 2009 logging changes · dns/proxy/browser for correlation
drop pfirewall.log · system evtx csv · optional dns/proxy/browser artifacts