# Event Log Monitor

Monitors the Windows Security Event Log for high-value security events including failed logon attempts, account lockouts, privilege escalation, and local group membership changes. Stateful — only alerts on newly observed events since the last run, preventing duplicate alerts across consecutive executions. Runs on a schedule via Syncro RMM.

See [project.md](project.md) for full architecture, monitored event IDs, and deployment details.

## Files

| File | Description |
|---|---|
| `event_log_monitor.ps1` | Main Syncro script — deploy this |
| `project.md` | Architecture, monitored events, deployment guide |