drop security, system, and task scheduler evtx csvs · detect scheduled task deletion · identify task history clearing · surface task creation followed by deletion indicating attacker cleanup · runs locally
4698/4699 · 106/141/111 · lifecycle pairing · bulk delete clusters · task xml action analysis
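The 4698/4699 lifecycle pairing and bulk delete clustering named above, sketched as an added example; this is not the tool's own code. The CSV column names (`TimeCreated`, `EventID`, `TaskName`), the 15-minute lifetime and the 60-second gap are assumptions, and the sample rows are constructed.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed sample export; the column names are assumed, not a fixed format.
SAMPLE_CSV = r"""TimeCreated,EventID,TaskName
2024-05-01T10:00:00,4698,\Microsoft\Windows\Backup\Nightly
2024-05-01T10:02:10,4698,\Updater7
2024-05-01T10:03:40,4699,\Updater7
2024-05-01T10:30:00,4699,\OldReport
2024-05-01T10:30:02,4699,\OldReport2
2024-05-01T10:30:03,4699,\OldReport3
2024-05-03T09:00:00,4699,\Microsoft\Windows\Backup\Nightly
"""

def load_events(text):
    """Return (time, event_id, task_name) tuples in chronological order."""
    rows = csv.DictReader(io.StringIO(text))
    return sorted((datetime.fromisoformat(r["TimeCreated"]), int(r["EventID"]),
                   r["TaskName"]) for r in rows)

def short_lived_tasks(events, max_life=timedelta(minutes=15)):
    """Pair each 4699 (deleted) with the latest earlier 4698 (created)."""
    created, hits = {}, []
    for ts, eid, name in events:
        key = name.lower()  # normalise case so create and delete rows match
        if eid == 4698:
            created[key] = ts
        elif eid == 4699 and key in created:
            life = ts - created.pop(key)
            if life <= max_life:  # created and removed within the window
                hits.append((name, life))
    return hits

def bulk_delete_clusters(events, gap=timedelta(seconds=60), min_count=3):
    """Runs of 4699 events spaced <= gap apart, at least min_count long."""
    deletes = [(ts, name) for ts, eid, name in events if eid == 4699]
    clusters, run = [], []
    for ts, name in deletes:
        if run and ts - run[-1][0] > gap:
            clusters.append(run)
            run = []
        run.append((ts, name))
    clusters.append(run)
    return [[n for _, n in c] for c in clusters if len(c) >= min_count]

if __name__ == "__main__":
    ev = load_events(SAMPLE_CSV)
    print(short_lived_tasks(ev))
    print(bulk_delete_clusters(ev))
```

A 4699 with no matching 4698 in the export is left unpaired rather than flagged, since the creation may simply predate the log's retention.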