Windows event checking
How to check the Windows event log for 4720 account creation history in Sumo? Please share a script to check.
Hi Francis,
If you have configured the Windows event source as per the below docs
Now 4720 comes under SECURITY logs, so if you are collecting it then you can write a query like the one below and select the time range of your choice.
_collector=<name of collector> and _source=<source_name> and "4720"
Hope this helps.
Regards,
Shobhit
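
Added example (not part of the original thread): a bare "4720" keyword also matches records where those digits appear in another field, so this Python sketch confirms the EventID field and reports who created which account. It assumes events exported in the standard Windows Event XML layout; the sample records, host and account names are constructed, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

def make_event(event_id, when, **data):
    """Build one constructed record in the Windows Event XML layout."""
    fields = "".join(f'<Data Name="{k}">{v}</Data>' for k, v in data.items())
    return (f'<Event xmlns="{NS["e"]}"><System><EventID>{event_id}</EventID>'
            f'<TimeCreated SystemTime="{when}"/><Computer>DC01.example.test</Computer>'
            f'</System><EventData>{fields}</EventData></Event>')

# Constructed sample records, not real logs.
SAMPLE_EVENTS = [
    make_event(4720, "2024-01-10T09:15:02Z", TargetUserName="svc-backup",
               TargetDomainName="EXAMPLE", SubjectUserName="admin.jdoe",
               SubjectDomainName="EXAMPLE"),
    # Different event whose process ID happens to be 4720
    make_event(5156, "2024-01-10T09:20:41Z", ProcessID="4720", DestPort="443"),
    make_event(4720, "2024-01-11T22:03:57Z", TargetUserName="tmp-admin",
               TargetDomainName="EXAMPLE", SubjectUserName="helpdesk1",
               SubjectDomainName="EXAMPLE"),
    make_event(4726, "2024-01-11T22:40:10Z", TargetUserName="tmp-admin",
               TargetDomainName="EXAMPLE", SubjectUserName="helpdesk1",
               SubjectDomainName="EXAMPLE"),
]

def keyword_hits(events, keyword="4720"):
    """Stand-in for a bare keyword match: any record containing the digits."""
    return [raw for raw in events if keyword in raw]

def account_creations(events):
    """Keep only keyword hits whose EventID field is really 4720."""
    found = []
    for raw in keyword_hits(events):
        root = ET.fromstring(raw)
        if root.findtext("e:System/e:EventID", namespaces=NS) != "4720":
            continue  # the digits matched some other field
        data = {d.get("Name"): d.text for d in root.iterfind("e:EventData/e:Data", NS)}
        found.append({
            "time": root.find("e:System/e:TimeCreated", NS).get("SystemTime"),
            "created": f'{data["TargetDomainName"]}\\{data["TargetUserName"]}',
            "created_by": f'{data["SubjectDomainName"]}\\{data["SubjectUserName"]}',
        })
    return found

if __name__ == "__main__":
    print(len(keyword_hits(SAMPLE_EVENTS)), "keyword hits")
    for row in account_creations(SAMPLE_EVENTS):
        print(row["time"], row["created"], "created by", row["created_by"])
```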