Cybertek-Detection-Scripts/event_log_monitoring
cole@cybertek.systems 5b2c329d15 Add per-folder READMEs and network traffic monitor project.md 2026-03-16 09:21:13 -05:00
README.md Add per-folder READMEs and network traffic monitor project.md 2026-03-16 09:21:13 -05:00
event_log_monitor.ps1 Initial commit: network traffic monitor, lolrmm detector, event log monitor 2026-03-16 09:14:51 -05:00
project.md Initial commit: network traffic monitor, lolrmm detector, event log monitor 2026-03-16 09:14:51 -05:00

README.md

Event Log Monitor

Monitors the Windows Security Event Log for high-value security events including failed logon attempts, account lockouts, privilege escalation, and local group membership changes. Stateful — only alerts on newly observed events since the last run, preventing duplicate alerts across consecutive executions. Runs on a schedule via Syncro RMM.

See project.md for full architecture, monitored event IDs, and deployment details.

Files

File                   Description
event_log_monitor.ps1  Main Syncro script — deploy this
project.md             Architecture, monitored events, deployment guide