Windows Log Triage Report

Events: 19
Time span: 2019-01-20T07:00:50.800224+00:00 → 2023-01-24T11:54:42.899994+00:00
Generated: 2025-11-12 20:57:25 UTC
Top Providers
Microsoft-Windows-Security-Auditing (14)
Microsoft-Windows-Sysmon (4)
Microsoft-Windows-Eventlog (1)

Top Processes

Image   Count
system  4

Top Parents

No parent data.

Network by Process

Process  Destination       Hits
system   10.59.4.20:49304  1
system   10.59.4.20:49306  1

Sigma-like Rule Hits

No matches in this dataset.

Suspicious Command Lines (heuristics)

None flagged.

IOCs

Domains
01566s-win16-ir.threebeesco.com
DC1.insecurebank.local
WIN-77LTAPHIQ1R.example.corp
net1.exe
URLs
none
IPv4
10.0.2.17
10.0.2.18
10.59.4.11
10.59.4.20
Hashes/Emails
none

Sample Events (first 25)

Time Provider EID Process Cmd
2023-01-24T11:52:02.155027+00:00 Microsoft-Windows-Security-Auditing 4799
2023-01-24T11:53:14.399050+00:00 Microsoft-Windows-Security-Auditing 4799
2023-01-24T11:54:02.416491+00:00 Microsoft-Windows-Security-Auditing 4799
2023-01-24T11:54:18.001638+00:00 Microsoft-Windows-Security-Auditing 4799
2023-01-24T11:54:42.899994+00:00 Microsoft-Windows-Security-Auditing 4799
2019-01-20T07:00:50.800224+00:00 Microsoft-Windows-Eventlog 1102
2019-01-20T07:00:56.784849+00:00 Microsoft-Windows-Security-Auditing 5145
2019-01-20T07:01:20.972601+00:00 Microsoft-Windows-Security-Auditing 5145
2019-01-20T07:01:41.206379+00:00 Microsoft-Windows-Security-Auditing 5145
2019-01-20T07:02:45.409321+00:00 Microsoft-Windows-Security-Auditing 5145
2019-01-20T07:02:45.424917+00:00 Microsoft-Windows-Security-Auditing 5145
2019-01-20T07:02:45.440693+00:00 Microsoft-Windows-Security-Auditing 5145
2019-01-20T07:02:45.472383+00:00 Microsoft-Windows-Security-Auditing 5145
2019-01-20T07:02:45.503201+00:00 Microsoft-Windows-Security-Auditing 5145
2019-01-20T07:02:45.550112+00:00 Microsoft-Windows-Security-Auditing 5145
2019-05-14T17:42:52.833387+00:00 Microsoft-Windows-Sysmon 18 system
2019-05-14T17:42:52.848383+00:00 Microsoft-Windows-Sysmon 18 system
2019-05-14T17:42:53.854380+00:00 Microsoft-Windows-Sysmon 3 system
2019-05-14T17:43:03.888378+00:00 Microsoft-Windows-Sysmon 3 system

© 2025 Brandon Love · Windows Log Triage (MVP)