List of DELETED files from windows event log

tellus83 · August 14, 2017, 9:26am

How can I make a query to get a list of DELETED files from windows event log?
The event structure is a bit complex. An event whit event_id:4660 telling "An object was deleted.". but not what object.

The complexity is explained a little more her https://eventlogxp.com/blog/tracking-down-who-removed-files/

thiago · September 7, 2017, 9:38pm

Are you referring to a query in Elasticsearch? Or a query directly in windows event log?

system · October 5, 2017, 9:38pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Visualize Windows Eventlog Auditing Kibana	2	1206	December 13, 2016
Question about searching winlog events Elasticsearch	1	485	August 20, 2019
Elastic Search 2.4.1 Windows Service Elasticsearch	2	112	March 15, 2024
Querying deleted documents Elasticsearch	2	540	August 1, 2017
Can't get delete by query to actually delete Elasticsearch	20	3972	December 5, 2019

List of DELETED files from windows event log

Related topics