drop security evtx csv · identify event 4769 with rc4 encryption type for service tickets · unusual requestors · flag accounts at risk · reconstruct attack timeline · runs locally
security evtx csv
drop evtx csv
or click
4769 · 4770 · 4768 — ticket encryption type column required
drop security evtx csv (4769, 4770, 4768)