How can I make a query to get a list of DELETED files from windows event log?
The event structure is a bit complex. An event whit event_id:4660 telling "An object was deleted.". but not what object.
The complexity is explained a little more her https://eventlogxp.com/blog/tracking-down-who-removed-files/
Are you referring to a query in Elasticsearch? Or a query directly in windows event log?
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.