IOCs For Windows OS
Hi
i like filter the search section for find some IOCs activities , for example i want filter the windows logs and find hosts those they have event logs by id 4618 and 4919,but i can not create a search filter on the search box like the blow code :
- EventID = 4618 and EventID = 4919
what should i do?
i have to create this filter of IOC on the search box :
- and [4618,4912,OR (4907,4660,4670,4691), OR (4964,4767,4760,4758,4757,4753,4750,4743,4740), OR (5025.5034,4950,4949)
and i try this on the search box :
- EVENTID = 4618,4912 OR (EVENTID = "4907" OR EVENTID = 4660 .... )
but i think "EVENTUD = 4618,4912" like as OR operation and it is not a And Operation and the result of
EVENTID = "4985" And EventID = "4663" And Hostname="FS" was empty but on this host i have logs by event id 4985 and 4663.
thank you for your helps.
Topic Participants
Moqaniyani
Prasannanayagi S
New to M365 Manager Plus?
New to M365 Manager Plus?
New to RecoveryManager Plus?
New to RecoveryManager Plus?
New to Exchange Reporter Plus?
New to Exchange Reporter Plus?
New to SharePoint Manager Plus?
New to SharePoint Manager Plus?
New to ADManager Plus?