
drop security evtx csv · detect bulk firewall rule deletion · identify removal of network monitoring rules · surface firewall configuration destruction enabling unmonitored network communication · runs locally


4946–4948 / 2004–2033 rule changes · >5 deletions in 60s suspicious · >20 critical · netsh advfirewall disable · inbound allow rules
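
A sliding-window version of the burst check those thresholds describe, added here as an example and not the tool's own code. Assumptions: the CSV export has `TimeCreated` (ISO 8601) and `Id` columns, rule deletions are event 4948 (Security log) and 2006 (Firewall log), and the critical threshold applies to the same 60-second window. The sample export is constructed.

```python
import csv
import io
from collections import deque
from datetime import datetime, timedelta

DELETE_IDS = {4948, 2006}        # assumed: "rule deleted" in Security / Firewall logs
WINDOW = timedelta(seconds=60)
SUSPICIOUS, CRITICAL = 5, 20     # page thresholds: >5 suspicious, >20 critical


def classify(csv_text):
    """Return (severity, peak_count, window_start) for the busiest 60 s window."""
    times = sorted(
        datetime.fromisoformat(row["TimeCreated"])
        for row in csv.DictReader(io.StringIO(csv_text))
        if int(row["Id"]) in DELETE_IDS
    )
    window, peak, peak_start = deque(), 0, None
    for t in times:
        window.append(t)
        # Drop deletions that fell out of the 60 s window ending at t.
        while t - window[0] > WINDOW:
            window.popleft()
        if len(window) > peak:
            peak, peak_start = len(window), window[0]
    if peak > CRITICAL:
        severity = "critical"
    elif peak > SUSPICIOUS:
        severity = "suspicious"
    else:
        severity = "normal"
    return severity, peak, peak_start


def constructed_export(n_deletes, spacing_s):
    """Build a constructed CSV: one rule-add (4946) then n rule-deletes (4948)."""
    base = datetime(2024, 1, 1, 10, 0, 0)
    rows = ["TimeCreated,Id", f"{base.isoformat()},4946"]
    rows += [
        f"{(base + timedelta(seconds=i * spacing_s)).isoformat()},4948"
        for i in range(n_deletes)
    ]
    return "\n".join(rows)


if __name__ == "__main__":
    for n, gap in [(5, 1), (7, 2), (25, 1), (6, 30)]:
        print(n, "deletes,", gap, "s apart ->", classify(constructed_export(n, gap)))
```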
