IOCs For Windows OS

IOCs For Windows OS

Hi
i like filter the search section for find some IOCs activities , for example i want filter the windows logs and find hosts those they have event logs by id 4618 and 4919,but i can not create a search filter on the search box like the blow code :
  1. EventID = 4618 and EventID = 4919
what should i do?

i have to create this filter of IOC on the search box :
  1. and [4618,4912,OR (4907,4660,4670,4691), OR (4964,4767,4760,4758,4757,4753,4750,4743,4740), OR (5025.5034,4950,4949)
and i try this on the search box :
  1. EVENTID = 4618,4912 OR (EVENTID = "4907" OR EVENTID = 4660 .... )
but i think "EVENTUD = 4618,4912" like as OR operation and it is not a And Operation and the result of 
EVENTID = "4985" And EventID =  "4663" And Hostname="FS" was empty but on this host i have logs by event id 4985 and 4663.

thank you for your helps.
        New to M365 Manager Plus?
        New to M365 Manager Plus?
          New to RecoveryManager Plus?
          New to RecoveryManager Plus?
            New to Exchange Reporter Plus?
            New to Exchange Reporter Plus?
              New to SharePoint Manager Plus?
              New to SharePoint Manager Plus?
                See all integrations
                New to ADManager Plus?

                  New to ADSelfService Plus?

                  Start your free trial





                            Related Products