drop sysmon evtx csv and system evtx csv · detect sysmon service stops · identify configuration changes reducing coverage · surface gaps in sysmon telemetry stream · runs locally
artifacts
drop sysmon / system / security evtx csv (multi-file)
or click
telemetry gaps · 7036/7040 service events · Event 16 config hash · anti-sysmon commands · Event 255 errors
drop sysmon / system / security evtx csv exports