About SteveZelik48355

SteveZelik48355 · 10-05-2020

Im relatively new to Cisco AMP's Orbital Search, but looking for an easy way to have the Orbital Search query a client machine and pull all events 4624 and also want to further filter into logon types 2 (internative logon at keyboard) and type 7 (unl...

SteveZelik48355 · 02-21-2022

Ditto....getting them too for bg.js and watch.js

SteveZelik48355 · 10-05-2020

Thanks so much for this. One quick question, if I want to modify the line below to look for both logins #2 and 7, how do I put both into the query? LIKE '%Logon Type: 9%';

Member Since	‎10-05-2020 04:43 AM
Date Last Visited	‎02-23-2022 12:07 AM
Posts	3
Total Helpful Votes Received	5

User Statistics

User Activity

Have Orbital Search pull a specific event id and logon type

Re: .js false positives this morning?

Re: Have Orbital Search pull a specific event id and logon type