Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
Im relatively new to Cisco AMP's Orbital Search, but looking for an easy way to have the Orbital Search query a client machine and pull all events 4624 and also want to further filter into logon types 2 (internative logon at keyboard) and type 7 (unl...
Thanks so much for this. One quick question, if I want to modify the line below to look for both logins #2 and 7, how do I put both into the query? LIKE '%Logon Type: 9%';
