Wednesday, 8 July 2020

Search the Security Event log for an IP Address

You have to do a custom XML search with the following

<QueryList>
  <Query Id="0" Path="Security">
    <Select Path="Security">*[EventData[Data and (Data='<IPADDRESS>')]]</Select>
  </Query>
</QueryList>

No comments:

Post a Comment